The Santa Fe Group elves are working hard to make December great for our members. The Third Party Risk Management Toolkit is expected to drop in mid-December.
We are particularly proud of what the Toolkit will bring our members this year.
Its all in the Name. Calling it a Toolkit reflects how it is used. The tools are designed to work together to follow the typical process a third party risk practitioner would use to implement a program. The Toolkit embodies a “trust, but verify” approach for conducting third party risk management assessments and uses a substantiation-based, standardized methodology.
Our Membership Roots. The Toolkit, like all our resources, was built by the collective intelligence of our diverse membership. The practitioners that came together to create the Toolkit come from different industries, perspectives and sized-companies, but they all share a passion for creating resources that will improve third party assurance.
We Heard You. The major changes in the Toolkit are all about making the tools easier to use. Here are just a few of the new features we are most excited about:
- SIG Content Library – there is no longer a “Full SIG” but rather a Content Library that SIGs are created from. To build a questionnaire, practitioners will select a SIG Core or SIG Lite from within the SIG Management Tool and will scope it from there by industry specific content, authority document, individual questions, control categories and risk tiers. This means that your SIG will be exactly the size you need it to be.
- SIG|SCA Integration – SCA content is now contained within the SIG, so when you scope your SIG you are also scoping your SCA for the accompanying onsite or virtual assessment to go along with the questionnaire.
- New SIG Architecture – Questionnaires are now created from within the SIG Management Tool. Along with streamlined code, this makes the 2019 SIG size smaller, enabling it to run more smoothly and questionnaires to be created more quickly. You now have a choice to create a SIG with all questions in one tab or with a tab for each risk domain.
- Saved Questionnaires – Any SIG questionnaire can be saved as a template to be used or modified later, making it easy to fit existing questionnaires to new vendors.
All of our tools have also received a regulation refresh, taking into account recent national and international regulatory changes. One of the most requested new authority documents, the NIST 800-53r4 is mapped within the SIG.
Stay tuned for the tool release later this month. To make sure you are on our distribution list, or for any questions, please email us.