Shared Assessments has released the 2022 Third Party Risk Management Toolkit. The tools included in this update are:
The Toolkit functions as a framework for Third Party Risk Management (TPRM) allowing 15,000+ organizations worldwide to design and manage their programs with a high degree of assurance and efficiency through standardization. The SIG is also incorporated into the products of 37 of our third party risk software and GRC platform licensees.
Our 300+ member organizations bring diverse viewpoints into the creation of the tools including:
The toolkit was updated to keep up with regulatory changes, an evolving threat landscape and business requirements. Changes were also made to make it easier to create questionnaires and manage programs. While the tools can stand alone, we focused on aligning the entire suite of tools for 2022.
Every year, the Shared Assessments TPRM Toolkit is updated to keep pace with the current risk environment.
2021 saw a major increase in ransomware, for example. Even if we do not record a single ransomware attack in this second half of 2021, this year will go down as the worst year yet for ransomware. Social engineering attacks, distributed denial-of-service (DDoS) attacks and state-sponsored cyberattacks are also on the rise. And we are seeing an increase in attacks on critical infrastructure, such as the Colonial Pipeline disruption.
New regulations call for organizations to evidence the completion of risk assessments and securely store these artifacts. With an industry-wide shift to virtual assessments during the pandemic, this documentation has become even more critical.
For organizations struggling to find a foothold amidst pandemic-induced challenges, protracted disruptions to supply chains and difficulty onboarding and assessing new vendors remain an issue. At the same time, cost pressure has prevented insourcing.
A remote workforce poses its own challenges: with Work-From-Anywhere (WFA), onboarding and training of risk management personnel has become more difficult.
Economy-wide, pressure is growing to introduce environmental, social, and governance (ESG) measures across the extended enterprise. Third party risk management programs are being called upon to assist their organizations’ ESG efforts with their most critical suppliers and vendors.
As the face of third party risk changes, the Shared Assessments 2022 Third Party Risk Management Toolkit prepares risk practitioners and programs for a shifting reality.
Shared Assessments updates tools to follow regulations, guidelines and standards for a wide range of industries. The 2022 Toolkit has integrated 1,600 Control Points from new guidelines, regulations, and frameworks including:
Third party risk programs must increasingly gauge the ESG compliance of critical suppliers and vendors. In response, new features of the 2022 Toolkit include ESG updates across all SA Tools:
Smarter and streamlined, the 2022 SIG Questionnaire allows organizations to build, customize, analyze and store questionnaires. A simplified user experience delivers vetted questions mapped to the most recent controls and regulatory guidance.
The SIG continues to provide standardization and efficiency in performing third party risk assessments along with:
The SCA Procedures are standardized resources (tools, templates, checklists, guidelines) that can be used to plan, scope, and perform third party risk assessments. The procedures provide a standardized and objective assessment workbook for assessors to verify vendor compliance with standardized control testing.
As the COVID pandemic shifted risk management programs towards performing virtual assessments, the SCA served as the standard for improving efficiency, accuracy and quality in remote assessments. Having helped many organizations migrate in-person assessments to virtual assessments, for 2022 the SCA has matured with:
The VRMMM is a TPRM program assessment tool that assists organizations as they develop mature TPRM programs, allowing third party risk programs to benchmark themselves against a comprehensive set of best practices. The 2022 release of the VRMMM introduces a multidimensional program model, which explores 250 distinct program elements formed by 8 key structures and 6 key attributes a well-run third party risk management program will have.
The VRMMM supports both assessments of a vendor’s TPRM program and self-assessment of a company’s own TPRM program. This guidance is particularly helpful for practitioners new to risk management teams, and to organizations building a TPRM program.
The 2022 Toolkit features a sweeping refresh and reorganization of VRMMM content reflecting global industry guidance around third party risk and modernization of TPRM language. Other enhancements to the VRMMM in 2022 include:
The Data Governance Tools are solutions for addressing specific data protection obligations, which are increasing worldwide, in third party risk. The tools enable collection and maintenance of the data governance information required to address compliance for authorized data use by third and fourth parties by product, service, or system.
The 2022 Data Governance Tools include:
The Data Governance Tools have evolved in response to increasing regulatory pressure across the world and now: