The Trusted Source in
Third Party Risk Assurance

  • Creating efficiencies and cost savings to effectively
    manage the vendor risk management lifecycle
  • Tools follow "a trust, but verify" standardized approach,
    adopted globally across a broad range of industries
  • Kept current with regulations, industry standards
    and guidelines, and the current threat environment
  • Education, resources and tools for outsourcers,
    service providers, assessment firms and solution providers

Membership & Tools

Membership
Join our global community of risk management professionals and access our Tools and resources
Learn more about becoming a member of the Shared Assessments Program
Learn More »

Become a member of the Shared Assessments Program

"Adopting the Shared Assessments Program enabled Deluxe to reduce cycle time, improve quality, & streamline the due diligence process. At Deluxe, two-thirds of our due diligence requests use Shared Assessment tool."
— Linnea Solem, CIPP, CIPP/C, Chief Privacy Officer, Vice President Risk and Compliance, Deluxe Corp, Shared Assessments Program Chair
  • Participate in a global community of information security, privacy, and third party risk management leaders
  • Gain access to members-only resources and the Shared Assessments Program Tools, including the SIG and AUP
  • Develop and demonstrate knowledge with industry peers on challenging issues in information and data security, privacy and business continuity
  • Gain opportunities to build, shape and refine vendor risk management tools and best practices
  • Network with information security officers, privacy officers, and other subject matter experts

Just the Tools

Purchase icon
Purchase our ready-to-use Tools to develop and manage your third party vendor assurance program.
Learn more about purchasing the world’s most comprehensive third party risk management tools
Learn More »

The world’s most comprehensive third party risk management tools

Shared Assessments Portrait Niall Browne
"Shared Assessments Program tools allow enterprise organizations to evaluate and measure the level of IT risk across their vendors in an quantifiable, objective and repeatable process."
— Niall Browne, CSO and VP of Security, Workday
  • Obtain efficiencies and cost savings by using just one document to establish and define your risk control environment
  • Reduce FTE costs by using one document to satisfy multiple client requests, rather than responding to multiple proprietary questionnaires
  • Used globally by financial institutions, healthcare organizations, energy/utility, retailers, telecommunications and others
  • Shared Assessments Program Tools kept current with regulatory and industry standards
"Integrating the full range of Shared Assessments content into our GRC platform gives our customers streamlined vendor management tools, empowering them to better manage the governance, risk and compliance issues surrounding their third-party relationships."
— Chris Caldwell, CEO, LockPath

Casting the Net for Third Party Risk

Published on July 26, 2016 By | Posted in: Third Party Risk, Regulatory Compliance, Risk Management, Third Party Risk Management, Shared Assessments, Program Tools, Blog, Agreed Upon Procedures (AUP)

The summer of 2016 has been one of media challenges, and breaking records for heat waves across many states. Slow moving boats, relaxing fishing in

What the UK Brexit Vote Could Mean for Privacy

Published on July 21, 2016 By | Posted in: Privacy, Newsletter, Data, EU, Brexit, Data Protection

It has been a month since the UK voted to leave the EU and there is still plenty of uncertainty along the road ahead. However,

OCC Statement Release

Published on July 15, 2016 By | Posted in: Risk Management, Risk, OCC, Blog

The Office of the Comptroller of the Currency’s Office of Enterprise Risk Management released its statement this week on its National Risk Committee’s Semiannual Risk

2016 Tone at the Top and Third Party Risk Survey

Screen Shot 2016-05-02 at 9.03.38 AM

Tone at the Top and Third Party Risk examines the role of executives in third party risk management in a broad range of industries and the effect of tone at the top on minimizing business risks within organizations. This study is sponsored by Shared Assessments and conducted by the Ponemon Institute.

Key findings indicate that third party vendor risk is not being effectively implemented:

  • Only 26% of respondents believe that their organization’s third party risk assessment of controls is effective.
  • 50% of respondents do not believe the risk management process is aligned with their organization’s business goals.
  • Just 11% say their organizations are very effective at communicating values throughout the enterprise or to business partners, vendors and other third parties.

Learn More and Access the Paper. »

Financial Services Industry Call to Action

Call to Action Cover

The increased connectivity and complexity of critical infrastructure systems both nationally and globally puts economic and public security squarely at the forefront of risk management in every sector and industry vertical. A proactive stance is clearly required to establish best practices for more mature risk management programs industry-wide.

The financial services industry is in position to continue its leadership role in third party risk management, in order to improve the quality and efficiency of risk management programs at both the outsourcer and provider levels to collectively raise the bar and establish effective industry-wide risk management solutions.

Learn More and Access the Paper »

Onsite Assessments Best Practices White Paper

BP White Paper Cover

In 2015, a Shared Assessments awareness committee was established to create a best practice assessment and scoping guideline practical for all outsourcing organizations, onsite assessment teams, managers and service providers, regardless of industry or assessment scope. The guideline will work in concert with existing onsite assessment tools and processes. It provides a clear, consistent methodology to keep the assessment process on target and therefore reduce duplication of effort and assessment fatigue.

Learn More and Access the Paper »

Tone at the Top White Paper

Tone-at-the-Top

DID YOU KNOW?

Consensus is quickly growing that an effective risk culture cannot be developed without a “Tone at the Top” that demonstrates, beyond doubt, that the Board and C-Suite are active in building and maintaining an effective enterprise risk management culture and program, inclusive of third party risk issues. The right Tone at the Top and risk culture can become important drivers of improved organizational performance – companies that incorporate risk management into their strategic planning process and operating model gain clear competitive advantage

Learn More and Access the Paper »

Incident Response Briefing Paper

IRBP ImageThe Shared Assessments Program is pleased to announce our briefing paper, Building Best Practices for Effective Monitoring of a Third Party’s Incident Event Management Program.

To help organizations be better prepared against increasingly inevitable incidents, the Shared Assessments Program SIG Committee has released Building Best Practices for Effective Monitoring of a Third Party’s Incident Event Management Program. The paper outlines a newly developed best practices model of incident event management program creation.

Learn More and Access the Paper. »

2015 Shared Assessments Benchmark Study

Cover-2015-Benchmark-Study The 2015 Vendor Risk Management Benchmark Study by Shared Assessments in collaboration with global consulting firm Protiviti examines the maturity of vendor risk management.

Learn More and Access the Report »

Collaborative Onsite Assessments Case Study

COA CoverThe Shared Assessments Program is pleased to present a case study based on our first in a series of pilots for our Collaborative Onsite Assessment program.

The goal of this pilot program is to create the opportunity for multiple industry outsourcers to perform a collaborative onsite assessment of a single service provider, performed by an independent assessment firm, leveraging the Shared Assessments Agreed Upon Procedures (AUP), the standardized testing procedures of the Shared Assessments Program, as a common onsite assessment vehicle. The case study outlines the methodology used and the results of this first pilot.

Access the Report »

2016 Program Tools

Our 2016 Shared Assessment Program Tools deliver comprehensive assessment of IT, privacy and data security controls to manage threats.

Learn which Program Tool is right for you »

crowdstrikebw
Online Business Systems logo
Shared Assessments Logo Deloitte
Genpact-logo-web
advance-america-logo-web-2
PCV-logo-web
BSI Logo CMYK png bwRS
sti-logo-web
NationalStudentClearinghouse
165x100x72-web
SecureState165x100x72-web
Shared Assessments Licensee Pivot Point Security
CRIF Logo
GT_logo_165x100x72_web
HNE_logobw
Shared Assessments Logo radian
Shared Assessments Licensee Rsam
Shared Assessments Licensee Protiviti
Shared Assessments Licensee-Copytalk
logo-rsabw
MetricStream logo
Ellie Mae Logo
Shared Assessments Licensee White Hat
Shared Assessments Licensee ZS logo
Fidelity_Logobw
Shared Assessments Licensee Identity Theft 911
Shared Assessments Logo Iron Mountain
BWSecurityScorecard165x100x72-web
prevalent-logo-web-2
Shared Assessments Logo pwc
OPTIV_rgb-bw-web
Shared Assessments Licensee Caanes
TreliantSolutions_logo_84hbwweb
enode-logobw
Shared Assessments Licensee Pro Teck
dealogic-20logo-high-20res_165x100x72_web
riskvision_logo_largebw-web
Shared Assessments Logo Ernst & Young
fis-logo-web
veracode-logo-web
Viewpoint Logo
Shared Assessments Program licensee Churchill & Harriman logo
Shared Assessments Logo dtcc
ez-shield-logo-web-2
Early Warning Logo
Shared Assessments Licensee Power Advocate
Logo-Nasdaq_BWise-JPGbw2
intralinks-logo
Shared Assessments Licensee Lockpath
kpmg-logo-web-2
Shared Assessments Licensee Bank of the West
Shared Assessments Logo sei
Shared Assessments Licensee TD Ameritrade
waynecounty_logo_165x100x72_web
ce_logo_bw
Shared Assessments Logo first data
Shared Assessments Logo Bank Of New York Mellon
Shared Assessments Logo usbank
Shared Assessments Licensee ctg
Shared Assessments Logo Deluxe Corp
Shared Assessments Logo yodlee
Shared Assessments Licensee ControlCase
ProcessUnitybanner
el paso electric logo