Blogpost

Updated 2016 Shared Assessments Program Tools

Tools for Collaborative Efficiency in Today’s High Risk Environment

Shared Assessments Program Tools are designed for the dynamic global landscape of third party risk management. Our members face complex oversight issues for which the Shared Assessments community provides up-to-date, innovative and tested standards and best practices, creating efficiencies and improving assurance relating to vendor risk management. The just released 2016 Program Tool updates offer even greater depth for assessment.

The Program Tools, which are designed and built by Shared Assessments members, incorporate the needs of risk management professionals to evaluate rapidly increasing threats and vulnerabilities. Tools are updated annually to ensure they are kept in line with the most recent changes in industry regulations, standards and guidelines at both the national and international level. The 2016 AUP updates are also informed by the collective intelligence of the Shared Assessments members during the Shared Assessments AUP Collaborative Onsite Assessments (COA) Project.

Our Program Tools allow professionals at all levels of risk management to move from risk management to risk assurance by effectively administering the critical elements of the vendor risk management lifecycle. Together, the tools offer a “trust, but verify” approach to conducting third party assessments through implementation of standardized, robust, tested strategies and processes, which can be tailored to an organization’s unique interpretation of regulations, divisional needs and risk appetites.
The Shared Assessments Program Tools are:

  • Standardized Information Gathering (SIG) questionnaire: Enhancements to the 2016 SIG include alignment with ISO 22301:2012 international standard and the FFIEC Business Continuity Planning Booklet Appendix J: Strengthening the Resilience of Outsourced Technology Services, which addresses cyber resilience. Additional updates include new controls for hardware security, information security, mobile security and new, industry-relevant glossary terminology.
  • Agreed Upon Procedures (AUP), a tool for standardized onsite assessments: The 2016 AUP includes an addendum to allow multiple outsourcers to collaborate and assess the risk controls of a single outsourcer. The AUP, includes the COA addendum, which provides a robust, substantiation-based, standardized, efficient methodology for multiple organizations to assess a single service provider for whom they all share similar services.
  • Vendor Risk Management Maturity Model (VRMMM), vendor risk management best practices in a usable model: New enhancements to the 2016 VRMMM include updates to align with the FFIEC Business Continuity Planning Booklet Appendix J: Strengthening the Resilience of Outsourced Technology Services, which addresses cyber resilience.

These assessment tools serve organizations regardless of size and industry and address outsourcing, Cloud, mobile and third and fourth party security issues. The updated Program Tools are available now to all Shared Assessments Members and are included in the annual membership fee. Non-members can purchase the Shared Assessments Tools, either as a bundle or separately, by visiting https://sharedassessments.org/store/.