Who We Are

In our global economy where third-party services are essential, Shared Assessments is at the forefront of providing thought leadership, standards, and education to drive third-party risk assurance. With nearly 20 years focused on collaborating to reduce risks associated with outsourcing, here are key milestones in our origin story:

• The Founding Vision: Driven by a need for efficiency and standardization in third-party risk management, industry leaders including major banks and the big four accounting firms came together to streamline assessing third-party risks posed by vendors. Originally, our program was coined Bank Information Technology Security (BITS), and we focused on streamlining the data security audit process for banks and vendors. (Previously, banks conducted bespoke assessments of vendors in a time-consuming process.)

• Inception Of The SIG Questionnaire: Recognizing the need for efficiency for companies creating and responding to unique questionnaires from each partner, Shared Assessments developed the Standardized Information Gathering (SIG) Questionnaire. This standardized tool aimed to assess cybersecurity risks, operational risks, and other potential threats posed by third parties. Today, more than 500 organizations and partners license the Standardized Information Gathering (SIG) Questionnaire for security due diligence with tens of thousands of clients and vendors who accept the SIG as the industry-standard.

• Growth and Expansion: Shared Assessments evolved its initial focus on the financial services industry and questionnaires. We established a global membership program, allowing organizations across a diverse range of industries to join forces and share best practices. This collaborative approach has fostered the development of a rich ecosystem of resources for managing third-party risk.

• Beyond The SIG: While the SIG Questionnaire remains a cornerstone of our offerings, Shared Assessments offers a comprehensive suite of products. This includes tools for self-assessment, vendor risk management, and data governance, all designed to empower organizations in managing third-party risk effectively.

• Education and Thought Leadership: Shared Assessments prioritizes knowledge sharing. We offer educational programs and certifications to enhance the expertise of third-party risk professionals and support practitioners throughout their careers. Additionally, we conduct research and publish papers and studies to keep members informed. Fostering thought leadership in the field, we host industry events including US Summit and UK Summit and bring together risk practitioners in our regularly occurring committee meetings.

Shared Assessments’ story reflects the importance of managing third-party risk in today’s interconnected business landscape. Through collaboration and the development of standardized tools, we have become a central hub for organizations seeking to navigate this complex area effectively. Third-party risk management is a relationship business. Our greater community is essential to what we do. Our focus continues to be working together to create a more secure and resilient world.