Shared Assessments responds directly to the dynamic landscape of third party risk management, annually updating its Program Tools to keep them in line with the most recent changes in regulations, standards and guidelines at both the national and international level. The 2016 Program Tools will release next week. These Tools allow risk professionals at outsourcing companies to rigorously test third party IT security, privacy and resiliency risks controls.
- Standardized Information Gathering (SIG) questionnaire.
- Agreed Upon Procedures (AUP), a tool for standardized onsite assessments.
- Vendor Risk Management Maturity Model (VRMMM).
These assessment tools serve organizations at all levels of risk management. In addition to responding to the risks associated with our increasingly outsourced economy, the Tools create sustainable efficiencies around the implementation of standardized, robust, tested strategies and processes.
The Tools incorporate the needs of risk management professionals to evaluate rapidly increasing threats and vulnerabilities, including those posed by third party service providers, software application security and Cloud and mobile use. Use of the Tools provides a tangible gain over the use of proprietary questionnaires, improving organizational risk posture at the service provider level. The Tools can be scoped to an organization’s unique interpretation of divisional needs, guidelines and regulations and risk appetites.
The 2016 Tools have been updated to align with the recent surge in regulatory, consumer and business scrutiny and related business continuity and resiliency requirements. The 2016 AUP updates are also informed by the collective intelligence of the Shared Assessments members during the Shared Assessments AUP Collaborative Onsite Assessments Project.
All of the updated Program Tools will be available soon to all Shared Assessments Members and are included in the annual membership fee. Non-members will be able to purchase the Shared Assessments Tools, either as a bundle or separately, by visiting https://sharedassessments.org/store/. Membership provides opportunities to deepen vendor risk management expertise through members-only meetings, events, teleconferences and regular cross-industry working groups that discuss best practices, new standards and guidelines and the regulatory climate.