Authorities on Risk Assurance

The Shared Assessments Blog

New OCC Guidance: Merchant Processing Guidance Highlights Third Party Risks

Published on August 28, 2014 By | Posted in: Guidance, News

OCC issues revised guidance (OCC Bulletin 2014-41) on Merchant Processing as regulators continue to increase focus on third party risk. In their revised guidance the OCC stresses the need for expanded due diligence of third party card processors. The guidance reinforces the OCC’s concept of managing third party service providers throughout the entire vendor lifecycle […]

A New Ice Bucket Challenge for FIs

Published on August 26, 2014 By | Posted in: Compliance, Dodd-Frank, Regulations, Regulatory Compliance

While last week my news feeds on social media showed an avalanche of humorous ice bucket challenges, it sparked a comparison to me of the recent Avalanche of Regulation Infographic published by the American Bankers Association (ABA). The burden of regulatory compliance is dousing the fires of creativity and customer loyalty in banking. How Regulations […]

PCI Security Standards Council Focuses on Third Party Risks

Published on August 12, 2014 By | Posted in: News, Security, Standards

Confirming the need for stringent third party risk assessments, the PCI Security Standards Council issued guidance this week focusing on the need to thoroughly assess third party service providers who store, process or transmit cardholder data. The PCI Guidance underscores and reinforces Shared Assessments’ position that because third party service providers are under increasing […]

Evolution of Contract Compliance

Published on August 11, 2014 By | Posted in: Compliance

Part IV of a IV part series. As Shared Assessments Program Chair, Linnea Solem stated in part 3 of this four part blog series, Regulators Expectations for Third Party Risk Management, this blog will be focusing on the evolution of contract compliance with third parties given today’s regulatory landscape. Of course, as the old saying […]

Holistic Information Security – People, Process and Technology

Published on August 6, 2014 By | Posted in: Data Breach, Information Security, PHI

The attention to People and Process is lagging far behind. In reviewing the recent plethora of data breach stories, I am beginning to see a pattern here. While many companies answer to breaches with more and more technology, it appears that they are ignoring what may be the real root cause: People and Process. Case in […]

Assurance Processes to Address Fourth Party & Subcontracting Risks

Published on July 29, 2014 By | Posted in: Fourth Party Risk, Risk, Subcontractor Risk

Part III of a IV part series. In part II of the four part blog series, Regulators Expectations for Third Party Risk Management, I focused on governance and oversight structures for each phase of the third party relationship lifecycle. Today, I am going to take a deeper dive into managing fourth party and subcontracting risks […]

How Shared Assessments Approached the Need to Assess the Security of Third Party Provided Software

Published on July 24, 2014 By | Posted in: Newsletter, Security, Software Security

During discussions in 2013 to determine the next risk areas that should be addressed by the Shared Assessments Program Tools, the focus rapidly turned to software security. As we polled our members we found that many of them were concerned with the security of the software being provided by their vendors, and more importantly what […]

Structure Governance & Oversight Programs

Published on July 18, 2014 By | Posted in: Governance, Oversight

Part II in a IV part series. As I outlined in part one in this four part blog series entitled, Regulators Expectations for Third Party Risk Management, organizations need to deploy a risk-based approach when developing their third party oversight program. Today, I want to explore concepts for how organizations can structure governance & oversight […]

Risk-based Approach to Third Party Risk Management

Published on July 10, 2014 By | Posted in: News, Risk Management, Third Party Risk

Part I in a series. In less than eighteen months, there has been more industry guidance and updated regulations regarding third party risk than at any other juncture in the evolution of governance within the financial services industry. Media attention from retailer breaches and enforcement actions by industry regulators has put the oversight of third […]

Payment Token Implementation Do’s and Don’ts

Published on July 1, 2014 By | Posted in: Payments, Tokens

With an estimated 70% of US credit cards likely to be EMV chip ready by the end of next year, the race to protect against sharply increased levels of card-not-present fraud has begun in earnest. As we’ve discussed in the past, one of the most important tools to help mitigate card-not-present fraud will be […]
