Across the northern hemisphere, temperatures are dropping, trees are transitioning color, and the 2023 Shared Assessments Third Party Risk Management Product Suite has arrived with changes!
Responsive to the regulatory and risk environment, enhancements to the 2023 TPRM Product Suite are manifold.
The 2023 Shared Assessments Third-Party Risk Management Product Suite lays the foundation for building and scaling a successful TPRM Program.
Bringing your risk management processes together, the 2023 TPRM Product Suite is comprised of four core solutions:
The 2023 TPRM Product Suite can be used to assess outsourcing risk across all major industry verticals, including banking, energy, utilities, government, healthcare, information technology, manufacturing, and retail. 15,000+ organizations run efficient and effective Third-Party Risk Management programs with the Shared Assessments TPRM Product Suite.
The 2023 Standardized Information Gathering (SIG) Questionnaire’s new Nth Party Domain accounts for an increasingly complex supply chain, helping users scope a SIG supply chain risk assessment with more ease & precision.
Additionally, ESG (Environmental, Social, Governance) takes a prominent role in the 2023 SIG with 131 questions in a new ESG Risk Domain allowing users to easily scope an ESG-specific SIG. Risk practitioners can use an ESG-scoped SIG to self-assess their own organization’s ESG compliance, or to assess third-party ESG risk (and use responses to assist with ESG reporting and metrics).
The 2023 SIG has received important Privacy Updates to address pending CPRA/CCPA implementation in California, as well as EU GDPR updates, the GLBA Data Safeguard ruling, and impending U.S. State Privacy laws from Colorado, Utah, Virginia, and Connecticut.
Supporting details may be found within the Shared Assessments Glossary and in our Guide to Risk Domains.
Mapping additions to the 2023 Standardized Information Gathering Questionnaire (SIG) help organizations stay current with the latest regulations and widely adopted standards:
The Standardized Control Assessment (SCA) Procedure Products are used to verify a vendor’s risk controls and document artifacts using a consistent, objective methodology. Domains and procedures in the 2023 SCA are updated and aligned to match controls in the 2023 SIG.
Simplifying Virtual Assessments are a key area of focus in the 2023 SCA. Improved recordkeeping and audit templates, plus streamlined methods for collecting business information, deliver efficient and accurate virtual assessments.
The Vendor Resource Management Maturity Model (VRMMM) benchmarks TPRM programs against a comprehensive set of best practices. Benchmark surveys are conducted by Shared Assessments across all major industry verticals.
Evaluation efficiency is afforded by the 2023 VRMMM, where enhanced visualizations quickly identify TPRM program gaps between the current state and the next maturity milestone. The VRMMM supports both assessments of a vendor’s TPRM program and self-assessment of a company’s own TPRM program – particularly helpful for practitioners new to risk management teams, and to organizations building a TPRM program.
The 2023 Data Governance products include a Target Data Tracker (TDT), helping entities assess the scope of Personally Identifiable Information (PII) handled by outsourced services, including data jurisdictions. New 2023 TDT updates include GLBA Data Safeguards and UK SCCs for International Data Transfer Requirements, plus additional scoping questions in response to emerging technology such as Artificial Intelligence (AI), Machine Learning (ML), and digital marketing. The TDT includes modified definitions of personal data to better align with “Sensitive” data classification based on new Privacy Laws.