Shared Assessments Updated 2017 Program Tools

Tools That Empower Vendor Management Confidence
Shared Assessments responds directly to the dynamic landscape of third party risk management with the annual update of its Program Tools. The Tools serve organizations, regardless of size and industry, helping them navigate the constantly evolving landscape of cyber and other security threats at both the national and international level and also to meet the recent surge in regulatory, consumer and business scrutiny. We are pleased to announce that the 2017 Program Tools will be released mid-November.

The Program Tools are an important component of the Shared Assessments third party risk management framework, which helps organizations manage the full lifecycle of a third party relationship – from planning for a third party engagement, due diligence and vendor selection, contract negotiations, ongoing and continuous monitoring to termination. These Tools embody a “trust, but verify” approach for conducting third party risk management assessments and use a substantiation-based, standardized, efficient methodology.

Shared Assessments Program Tools are:

  • Standardized Information Gathering (SIG) questionnaire remote assessment;
  • Agreed Upon Procedures (AUP) for performing onsite assessments; and
  • Vendor Risk Management Maturity Model (VRMMM) for evaluating programs against a comprehensive set of best practices.

While each Program Tool may be used independently, the combined value of the Tools provides maximum protection from third party risks, allowing risk management professionals to respond to the relentless pace and shifting nature of cyber security threats and vulnerabilities associated with rapidly changing outsourcing, Cloud, mobile and fourth party security issues.

The Tools are designed to be tailored to an organization’s unique application of regulations, divisional needs and risk appetites. Shared Assessments keeps a close eye on emergent risks, as well as emerging regulations, guidelines and standards for the wide range of industries that our members represent, such as: the proposed changes to the U.S. Cyber Consequences Unit (CCU) Free Cybersecurity Matrix Tool; New York State’s proposed requirements for banks, insurance companies, and other financial services institutions; and the OCC’s request for comments on its proposed Enhanced Cyber Risk Management Standards and its request for comments on Responsible Innovation in Banking.

All of the updated Program Tools will be available to all Shared Assessments Members and are included in the annual membership fee. Membership provides opportunities to deepen vendor risk management expertise through members-only meetings, events, teleconferences and regular cross-industry working groups that discuss best practices, new standards and guidelines and the regulatory climate. Non-members are able to purchase the Shared Assessments Tools, either as a bundle or separately, by visiting