Shared Assessments finished the 2016 year with 85 new members, a 25% increase over 2015. We closed out the year with a total of 226 members, showing continuing year-over-year growth in the commitment of organizations to improving third party risk management and advancing best practices worldwide.
We’ve come a long way together since Shared Assessments was founded in 2006, when we set out to ease the burden on both outsourcers and third parties by streamlining the cumbersome evaluation process and creating a proven industry standard. Today the Shared Assessments Program’s membership is industry agnostic as companies from across the globe in a variety of industries have adopted the Shared Assessments standards.
The year’s highlights include:
2016 Shared Assessments Summit
The Ninth Annual Shared Assessments Summit was held May 18-19, 2016 in Baltimore, MD. The pre-Summit workshops drew more than 100 attendees. And, in keeping with our efforts to recognize the industry champions who are joining together to minimize risk and make our world a safer place to do business, we celebrated several of our members who have accomplished so much in our shared quest to continue reducing risk and growing the Shared Assessments Program. You can read more about the Summit here.
International Expansion
In 2016, Shared Assessments expanded its international footprint by working with leaders in the heavily regulated Singapore market to involve them in building best practices for third party risk. Additional roundtables, conference participation and sponsorships were developed in 2016 and will be expanded throughout the UK and Singapore in 2017.
Industry Roundtables
This past year, Shared Assessments convened our members and other thought leaders, providing a venue for:
Shared Assessments convened and/or participated in the following industry roundtables:
2016 Studies and Papers
Member participation in various Committees and Awareness Groups increased drastically in 2016. For instance, the Best Practices Awareness Group increased to over 70 committee members, an increase of 84%. Each of the papers listed below were released in 2016 by Shared Assessments member volunteers and partner member organizations, who also participated in the monthly Member Forum webinars on each of these topics:
Shared Assessments Certified Third Party Risk Professional Certification
In 2016, 10 CTPRP in-person workshops were offered. Our Certified Third Party Risk Professional (CTPRP) certification has now trained more than 500 CTPRP certification holders. A new Associate CTPRP designation is now available, announced in September 2016, which is awarded to individuals who have successfully completed the full CTPRP training, yet lack the requisite five-year work experience for the full CTPRP certification. In 2017, we will announce the ability to participate in online CTPRP training opportunities and are expanding CTPRP in-person workshops internationally.
Updated 2017 Program Tools
Shared Assessments Program Tools help organizations create sustainable, organization-wide efficiencies in today’s high risk environment. The tools, which are foundational elements for risk management program assessment and evaluation of third party service provider cybersecurity, IT, privacy, data security and business resiliency controls, are: Standardized Information Gathering (SIG) questionnaire; Agreed Upon Procedures (AUP), a tool for standardized onsite assessments; and the Vendor Risk Management Maturity Model (VRMMM).
The Shared Assessments Program maintains its status as the trusted source for industry standard third party risk assurance leadership, in part through regular identification of modifications in domestic and international regulations, industry standards and guidelines and the emergence of new risks. Evaluation of pertinent changes to the Program Tools is made on an ongoing basis against tool content and related updates. It is the partnership between Shared Assessments and member organizations, which creates the essential industry leadership that helps our members to meet the surge in regulatory, consumer and business scrutiny within the constant landscape of cyber and other security threats and vulnerabilities.
These updated tools respond to the many cybersecurity and other third party risk management issues that are at the forefront of everyone’s concerns. Changes to the 2017 Program Tools reflect US and International regulatory changes and guidelines, as well as industry specific standards and best practices for gathering and assessing cybersecurity, IT, privacy, data security and business resiliency in an information technology environment to provide a complete picture of service provider controls, with scoring capability for response analysis and reporting.
On the Horizon for 2017
Shared Assessments will continue to provide a professional platform for examining and resolving the critical issues as they emerge in the evolving third party risk landscape, including managing for risk rather than compliance, optimizing third party risk mitigation and leveraging resilience to ensure positive outcomes. Members can sign up to participate in our 2017 initiatives by completing our “request to participate.” More information about each activity and to sign up you can go here.
Deliverables from the working groups and supporting staff from The Santa Fe Group include publications, research studies, speaking opportunities, webinars and podcasts, events and meetings, social media input, and consulting and advisory services. The CTPRP Program will seek to expand its offerings by providing online training opportunities, SIG and AUP master-level course additions and a Certified Third Party Risk Assessor (CTPRA) certification.
2017 committee initiatives include:
Jenny Burke, is a Senior Vice President for Marketing and Communications with The Santa Fe Group, with key responsibilities that include advancing strategy to increase awareness of the Shared Assessments program, grow memberships, improve tool adoption and communicate all the combined efforts of our staff and members. Prior to joining The Santa Fe Group, she has worked both as an independent marketing consultant and in private industry in branding, digital strategy, website redesign, content management and social media for a variety of software, consumer and website clients. Connect with Jenny on LinkedIn.