PRESS RELEASE
Contact: Lisa MacKenzie, MacKenzie Marketing Group, 503-705-3508,
lisam@mackenzie-marketing.com or Kelly Stremel, kellys@mackenzie-marketing.com
Santa Fe, NM — January 14, 2015 — The recent flood of high-profile data breaches and an avalanche of new regulations are in the spotlight for 2015. Doing business in an outsourced economy requires organizations to implement robust, tested strategies and processes, with tools to evaluate vendor risk and manage the security of sensitive data that is accessed or used by third parties. Newly updated for 2015, the Shared Assessments Program Tools—the Standardized Information Gathering (SIG) questionnaire, Agreed Upon Procedures (AUP), a tool for standardized onsite assessments, and Vendor Risk Management Maturity Model (VRMMM)—help companies ensure their vendors’ data management security controls and practices are rigorously tested, and are in line with their data security practices and standards. These Tools allow risk professionals to rigorously assess and manage third party controls to evaluate IT, privacy, and data security risks, including software application security, Cloud, mobile, and fourth parties.
The Shared Assessments Program Tools are designed for risk management leaders to effectively manage the critical elements of the vendor risk management lifecycle. Together, the SIG and AUP offer a “trust, but verify” approach to conducting third party assessments. Built by Shared Assessments members representing financial services, insurance, brokerage, healthcare, retail, and telecommunications, the Shared Assessments Program Tools are based on international, federal, and industry standards in order to ensure sensitive outsourced data—such as personally identifiable information (PII) and protected health information (PHI), intellectual property, and financial information—is protected. The standards include ISO-27001/27002, PCI DSS, HIPAA/HITECH, COBIT, NIST, Federal Reserve, Office of the Comptroller of the Currency OCC-2013-29, and FFIEC guidance.
Collaborative Efficiencies in Today’s High Risk Environment
“Our Tools empower risk professionals to move from risk management to risk assurance,” said Robin Slade, executive vice president and chief operating officer, The Santa Fe Group. “Our members are faced with complex oversight of third parties and look to the Shared Assessments collective community for innovative and tested approaches and best practices to create efficiencies and cost savings in vendor management. With these updates, the Shared Assessments Program Tools now offer greater assessment depth; can be leveraged by competent internal staff or independent assessment firms; and can be used internationally. Top-tier financial services organizations are now using our Program Tools to conduct collaborative onsite assessments with collective third party vendors, creating an efficient and robust methodology to significantly lower the costs for both organizations and their vendors.”
2015 Program Tools Meet the Needs of Risk Managers
The following updates are included in the 2015 release:
Pricing and Availability
The updated Program Tools are available now to all Shared Assessments Members and are included in the annual membership fee. Membership provides opportunities to deepen vendor risk management expertise through members-only meetings, events, teleconferences and regular cross-industry working groups that discuss best practices, new standards and guidelines, and the regulatory climate.
Non-members can purchase the Shared Assessments Tools either as a bundle or separately by visiting https://sharedassessments.org/store/.
“Third party risk management is a priority for industry executives and as a result, the Shared Assessments Program will continue to be at the forefront of third party risk trends, helping companies stay on top of emerging risks and regulatory requirements,” said Tom Garrubba, MIS, CISA, CRISC, CIPT, CTPRP, senior director, the Santa Fe Group and Shared Assessments Program. “The education gained through participation in our Program will help foster internal and board-level conversations on the importance of managing third party risk.”
About the Shared Assessments Program
The Shared Assessments Program is the trusted source for third party risk management with resources, including tools and best practices, to effectively manage the critical elements of the vendor risk management lifecycle. Members represent a collaborative, global, peer community of information security, privacy, and third party risk management leaders in industries including financial services, insurance, brokerage, healthcare, retail, and telecommunications. The Certified Third Party Risk Professional (CTPRP) certification program, membership, and use of the Shared Assessments Program Tools, ensure organizations stay current with the threat and risk environment, including regulations, industry standards, and guidelines. Shared Assessments provides organizations and their service providers the rigorous controls needed for IT, data security, privacy, and business continuity. The Shared Assessments Program is managed by The Santa Fe Group (www.santa-fe-group.com), a strategic consulting company based in Santa Fe, New Mexico. On the web at www.sharedassessments.org.