The Value of Virtual Assessments

by Sabine Zimmer | September 11, 2019 | Third Party Risk Management, Vendor Assessment, Virtual Assessment

A risk-based determination of whether - and how - to conduct remote assessments of vendors Expert Contributors:  Angela Dogan and Andrew Hout Given how much time and money virtual assessment of vendors can save companies and their third party risk management programs, it may be surprising to ....

How to Manage New Risks; Learn From Experts at the 2015 Shared Assessments Summit

January 26, 2015 | Event, Risk Assessment, Risk Management, Third Party Risk, Third Party Risk Management, Vendor Assessment

Now in its eighth year, the Annual Shared Assessments Summit brings together senior executives who will share best practices and the latest insights on managing third party risk. The theme of the 2015 Summit will be Third Party Risk Assurance: Everything Old is New Again. Click here to register. O ....

Vendor Risk Assessment: How Often is Often Enough?

by Sabine Zimmer | September 25, 2013 | Vendor Assessment

The need to go beyond calendar based assessments. The frequency of vendor risk assessments is generally driven by the level of risk associated with the type of services provided by the vendor. A good approach for companies to follow is the approach taken by most financial institutions who revie ....

The SIG – The Swiss Army Knife of Risk Assessment

September 3, 2013 | On-site Assessment, Outsourcing, Vendor Assessment

In 2005, the Shared Assessments program was born to serve the financial services industry and its major service providers. The intent was to achieve economies of scale by sharing the expense and time in conducting on-site assessments.  A group representing six major banks and the Big Four accountin ....

How Shared Assessment Is Helpful If You’re ISO-27001 Certified

August 13, 2013 | Vendor Assessment

I find it interesting that most people look at security frameworks as an either/or proposition. Should I use SOC2 or ISO-27001 or FedRAMP? I think the better question is how can I use multiple different security frameworks to my advantage? Recently during an Information Security Management Syste ....