About Shared Assessments

The Shared Assessments Program has been setting the standard in third party risk assessments since 2005

Shared Assessments, the trusted source in third party risk assurance, is a member-driven, industry-standard body with tools and best practices, that injects speed, consistency, efficiency and cost savings into the control assessment process. Shared Assessments Program members work together to eliminate redundancies and create efficiencies, giving all parties a faster, more rigorous, more efficient and less costly means of conducting security, privacy and business resiliency control assessments.

Streamlining Control Assessments

The service provider control evaluation process has long been inefficient and costly for all parties. Each outsourcing organization produces and distributes its own proprietary assessment questionnaire to each of its service providers. Service providers strain their resources to respond to diverse proprietary information requests. Inconsistencies from questionnaire to questionnaire cause delays for all parties, and time- and resource-intensive onsite assessments further burden the issuer/outsourcer and the assessee.

In 2005, six members of the financial services industry, in conjunction with the Big 4 accounting firms and key industry service providers, set out to ease the burden on both outsourcers and third parties. Their goal was to streamline the cumbersome evaluation process and create an industry standard. The result is the Shared Assessments Program.

Establishing Global Standards

Today the Shared Assessments Program’s membership has grown well beyond its founders, and companies across the globe in a variety of industries have adopted the Shared Assessments standards.

To promote adoption of the Program’s standards, the Shared Assessments Program Tools: the Standardized Information Gathering (SIG) questionnaire, the Shared Assessments Agreed Upon Procedures (AUP): a tool for standardized onsite assessments and the Vendor Risk Management Maturity Model (VRMMM), are free to members or are available for download here.

Leading Innovative Programs

In addition to providing the industry’s leading third party risk assessment Program Tools, Shared Assessments focuses on developing and implementing innovative programs that provide efficiencies across the industry.

One such program is Collaborative Onsite Assessments (COA), which brings together industry peers to perform a collaborative assessment on a common service provider. This program frequently results in the removal of intensive, multiple and overlapping information requests, simplifying the assessment process.

Service Provider Benefits

All of the participants in the vendor risk management lifecycle were considered during the development of the SIG and the AUP. Service providers share an equal role, along with outsourcers and assessments firms, in the ongoing development of the Program Tools helping to insure that all parties’ needs are considered. As a result, the SIG is regularly used proactively by service providers in response to RFP’s (to help demonstrate their security controls) and as a component of an annual assessment process. A section in the SIG How To Guide specifically addresses the needs of service providers and assists in responding to client issued SIG questionnaires.

Getting Involved

Shared Assessments membership offers exciting opportunities for industry collaboration, professional development and brand visibility. Our members are organizations that outsource domestically and around the globe and understand the importance of comprehensive, industry-standard third party risk management processes. Shared Assessments membership is available to outsourcers across the industry spectrum, as well as to service providers, consulting organizations, assessment firms and international associations.

The Santa Fe Group’s Role

The Santa Fe Group manages the Shared Assessments Program, continuing its mission to provide an independent, industry-driven standard for evaluating third party control processes. Contact us for more information.

Shared Assessments Logo Deluxe Corp
Shared Assessments Licensee ZS logo
Shared Assessments Logo yodlee
Shared Assessments Licensee TD Ameritrade
Shared Assessments Logo sei
Shared Assessments Licensee Pivot Point Security
Shared Assessments Logo Iron Mountain
Shared Assessments Licensee ctg
Shared Assessments Program licensee Churchill & Harriman logo
Shared Assessments Logo Ernst & Young
Shared Assessments Licensee Bank of the West
Shared Assessments Logo radian
Shared Assessments Logo Bank Of New York Mellon
Viewpoint Logo
Shared Assessments Licensee-Copytalk
Shared Assessments Licensee Rsam
Shared Assessments Licensee ControlCase
Shared Assessments Licensee Protiviti
Shared Assessments Logo Deloitte
Shared Assessments Licensee Lockpath
MetricStream logo
Shared Assessments Logo dtcc
Shared Assessments Logo usbank
Shared Assessments Licensee Power Advocate
Shared Assessments Logo first data
intralinks-logo
Shared Assessments Logo pwc
Shared Assessments Licensee Identity Theft 911