Member Projects

Shared Assessments’ primary mission is to build reliable, comprehensive and easy-to-use tools to rationalize the vendor assessment process. As a consortium of national and international organizations, Shared Assessments members understand the importance of comprehensive standards for managing risk.

Shared Assessments also offers opportunities for members to address global risk management challenges through its working groups and committees. Read more about these groups below, or contact Joyce Crawshaw to learn how your organization can get involved.

Cloud Working Group

The Shared Assessments Program began addressing Cloud Computing in 2009 when members added six new procedures to its onsite assessment tool (the AUP) and inserted cloud-relevant questions into several sections of the Shared Assessments questionnaire (the SIG). In 2010, the Shared Assessments Cloud Computing Working Group published Evaluating Cloud Risk for the Enterprise: A Shared Assessments Guide.

The Cloud Computing Working Group meets regularly to discuss developments in cloud technology that affect risk management. This group works with the Technical Development Committee to make updates that reflect the growing importance of Cloud Computing across the IT landscape.

The Cloud Computing Working Group is led by Niall Browne, CISO, LiveOps, and Shared Assessments Program Chair. Contact us for more information about this group.

Technical Development Committee

The Technical Development Committee (TDC) of the Shared Assessments Program is an active group of privacy, information security and business continuity experts dedicated to promoting global adoption of the Shared Assessments standards.

TDC members play an important leadership role in the Shared Assessments Program. TDC membership offers:

  • Participation in a global community of risk management and information technology professionals
  • Professional development opportunities
  • Collaboration with industry peers on challenging issues in information security, privacy and business continuity

TDC Mission

The TDC’s mission is to ensure the Shared Assessments Program standards are relevant and thorough, responding to a range of new and emerging US and international guidelines for privacy, information security and business continuity. TDC members meet regularly throughout the year, working together to carefully review and update the Shared Assessments tools: the Agreed Upon Procedures (AUP) and the Standard Information Gathering Questionnaire (SIG).

Who Serves on the TDC?

TDC members are risk management leaders from a range of industries. They are chief information security officers, chief privacy officers, and subject matter experts who are motivated to help build and sustain Shared Assessments’ rigorous standards. TDC participants include experts from the Big 4 accounting firms (Deloitte & Touche, Ernst & Young, KPMG, and PricewaterhouseCoopers), which serve as Technical Advisers to the Shared Assessments Program.

Contact us to learn more about the Technical Development Committee.

ANSI PHI Project

Organizations are struggling with two key concerns today: how to protect patient health information and how to better understand the financial harm caused when protected health information (PHI) data is breached, lost or stolen. Led by the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with the Shared Assessments Program and the Internet Security Alliance (ISA), this project was created to promote greater clarity on these issues so that the healthcare industry can:

  • Make better investment decisions to protect PHI
  • Improve its responsiveness when patient information is compromised

The ANSI/Shared Assessments/ISA PHI Project is a cross-industry group of more than 100 experts from data security companies, identity theft protection providers and research organizations, legal experts on privacy and security, standards developers, and others.

Together, these individuals are working to develop a formula that healthcare organizations can use to determine the economic impact of any disclosure or breach of protected patient data. The group’s findings will be published in a report targeted at those responsible for and entrusted with protecting and handling PHI.

Rick Kam, President and Co-Founder of ID Experts, chairs the PHI Project. The initiative is made possible through the generous support of these organizations:

Participation in the PHI Project is open to all interested and affected parties. There is no fee to participate. For additional information, including a webinar and information about sponsorship opportunities, see www.ansi.org/phi. To participate, email idsp@ansi.org.

deloitte
jpmorgan
goldnamsachs
protivity
pwc
electriccompany
mercedsystems
www.prevalent
www.ctg
dtcc
drivesavers
jbr
acxiom
att
sungard
proteck
target
pge
earlywarning
liveops
www.modulo
www.rsa
yodlee
fishnet
ezshield
deluxe
cvs
aon
churchillharriman
wilmingtontrust
deutsche
ernstyoung
www.csinitiative
radian
nyupoly
sei
zywave
recall
bnym
redtail
kpmg
bofa
tsys
usbank
firstdata
www.rsam
idexperts
lsr
www.controlcase
ironmountain
www.lockpath
www.compliance360
morganstanley