Press Release

Shared Assessments Program Publishes New Best Practices Briefing Paper to Address Serious Need for Third Party Incident Management

For Immediate Release

Sarah Perry, Senior Marketing Manager
Santa Fe Group
O: 602-441-1769

Kathy Keller, Director, PR
O: 650-234-6252

Shared Assessments Program Chair, Jonathan Dambrot, CEO and Co-Founder, Prevalent, Inc., to lead a December 9th webinar discussion with three of the authors of a new best practices briefing paper for effective incident event management.

Santa Fe, NM – December 8, 2015 – Effective third party due diligence demands a higher level of review than is presently being performed by most organizations. Yet, coordinated and active vendor involvement is lacking in many outsourcing organizations’ incident event management programs. Even in the 43 percent of organizations that report a formal incident program is in place, only 9 percent of incident management professionals deem theirs to be “very effective” (SANS Institute, 2014). A new briefing paper by the Shared Assessments Program, developed in response to the need for improved third party incident response management, will be released on December 9, 2015 in conjunction with a complimentary webinar taking place at 8:00 a.m. (PST).

Today’s incident response professionals are seeking to improve organizational analysis and reporting capacity by focusing on use of Security Information and Event Management (SIEM) tools. Shared Assessments is leading the way in determining best practice tools for planning and program development that will enable organizations to:

  • Establish and maintain a coherent incident response program of planning, preparation, execution, reporting, and remediation control.
  • Improve outcomes through a higher level of preparation against increasingly inevitable incidents.
  • Better protect their reputation by having a mature response process that involves third parties.

“We hope incident response professionals will take advantage of the best practices put forth in our new briefing paper and the insights that will be shared during our webinar,” said Dambrot, moderator of the webinar.

The briefing paper, titled Building Best Practices for Effective Monitoring of a Third Party’s Incident Event Management Program, will be made available to those individuals who attend the December 9 webinar. Three of the paper’s co-authors, who are subject-matter experts in their respective fields, will serve as guest speakers during the 8:00 a.m. (PST) webinar. They are:

  • Brenda Ward, Director of Global Security, Aetna.
  • Rocco Grillo, Managing Director and Global Leader of Forensics and Incident Response, Protiviti.
  • Ted Julian, Co-founder and Vice President of Product Management, Resilient Systems.

“With the evolving cyber threat environment, and the resulting regulatory scrutiny, companies need to ensure continually that their third party suppliers and business partners who are entrusted with all types of critical assets – often called a company’s ‘crown jewels’ – are vigilant in protecting those assets. To this end, third party service providers must have their own mature incident response plans that are not only comprehensive but battle-tested as well,” said Grillo.

The webinar presenters will discuss and outline a newly developed, robust risk management guide that provides a clean, consistent methodology for the assessment of incident preparedness, incident management and post incident recovery. The model contains a defined means for protecting data, consumers and the outsourcing relationship. Step-by-step guidelines can be tailored to each relationship depending on vendor type.

To register for the one-hour webinar and then receive the briefing paper, please click here. The complimentary webinar is open to the general public.

About Shared Assessments
The Shared Assessments Program is the trusted source in global third party risk management, with resources to effectively manage the critical components of the vendor risk management lifecycle; creating efficiencies and lowering costs for all participants; kept current with regulations, industry standards and guidelines, and the current threat environment; adopted globally across a broad range of industries both by service providers and their customers. Through membership and use of the Shared Assessments Program Tools (the Agreed Upon Procedures (AUP), Standardized Information Gathering (SIG) questionnaire and Vendor Risk Management Maturity Model (VRMMM)), Shared Assessments offers companies and their service providers a faster, more efficient and less costly means of conducting rigorous assessments of controls for IT and data security, privacy and business continuity. The Shared Assessments Program is managed by The Santa Fe Group, a strategic advisory company based in Santa Fe, New Mexico. For more information on Shared Assessments, please visit

About Protiviti Inc.
Protiviti is a global business consulting and internal audit firm composed of experts specializing in risk, advisory and transaction services. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries, helping them solve problems on a wide range of critical business issues, including finance and transactions, operations, technology, litigation, governance, risk, and compliance.

About Prevalent, Inc.
Prevalent is a vendor risk management and cyber threat intelligence analytics innovator with a reputation for developing cutting-edge technologies and highly-automated services that are proven to help organizations reduce, manage and monitor the security threats and risks associated with third party vendors.