Working and Awareness Groups
Shared Assessments members are a community of national and international industry leaders and risk management professionals whose thought leadership has collectively brought Shared Assessments to the forefront of third party risk management practices.
CONTINUOUS MONITORING WORKING GROUP
Meets bi-monthly, 3rd Tuesday, 11:00am ET
The Continuous Monitoring Working Group identifies and documents best practices for continuous monitoring, focusing on people, process, and technology considerations. Key areas of inquiry include predictive forecasting, controls, and agile response processes that include cyber, financial, location, and other key indicators. Proliferation of new technology is having a profound effect on the TPRM environment, given the increasing size, complexity, and integration of new technologies and heightened risk exposure across third party and supply chain ecosystems. Members are focused on best and emerging best practices in this arena in response to the shifting threat environment.
OPERATIONAL / INDUSTRIAL TECHNOLOGY RISK MANAGEMENT (OITRM) WORKING GROUP
Meets bi-monthly, 4th Wednesday, 11:00am ET
The OITRM group discusses the challenges organizations face in managing Operational/Industrial Technology (OIT) risks, and the solutions they use, to identify today’s existing best practices and develop new best practices to address those challenges. This group focuses on developing methods for standardizing risk assessments and communications around OIT due diligence activities. Examples include assessing compliance with standards, regulations, and frameworks (such as NERC CIP, NIST SP 800-82, and CPNI SICS); assessing co-manufacturers; managing the divergence and convergence of Information Technology (IT) and OIT; securing Internet of Things (IoT) technologies; and addressing supply chain cybersecurity risks.
REGULATORY COMPLIANCE & AUDITS AWARENESS GROUP
Meets bi-monthly, 2nd Thursday, 11:00am – 12:30pm ET
This group examines the quickly evolving and ever more complex regulatory landscape. The overall compliance/audit environment is seeing changes in key areas affecting outsourcing relationships. Topics dominating the regulatory discussion papers and recent regulations include cloud, IoT, concentration risk, complex supply chains, resilience, inventories, due diligence access, and how those rules harmonize or diverge globally.
This group regularly invites speakers on relevant topics and, as thought leaders, publishes member-driven white papers on regulatory-related topics. It also reviews, discusses, and, where appropriate, responds to draft third party regulatory guidance and rules. Where appropriate, the group makes recommendations for TPRM Toolkit enhancements and participates in developing papers, blogs, and other resources pertinent for third party assessment tools that address consumer protection, operational risk, and regulatory compliance monitoring.
UK-EU TPRM STRATEGIES GROUP
Meets bi-monthly, 4th Thursday, 3:00pm – 4:30pm GMT+1 (10:00am-11:30am ET)
This group focuses on the existing and emerging challenges that organizations are experiencing in managing third party risk in this region and worldwide. Participants examine and document existing successful strategies in use today, and identify emerging best practices to address TPRM challenges. Topics of focus include operational resilience and cascade risk, including stability of supply chain, financial ratings, and related top-of-mind issues. Coordination with other Shared Assessments committees occurs where appropriate to achieve a broader perspective. Examples of deliverables by this group include briefing papers, industry call to action pieces, practitioner guidelines and checklists, and other resources that enhance the practice of third party risk management.
Participation is invited from the practitioner to the organization TPRM lead in these regions. Non-members of Shared Assessments are welcome to participate for one year in this group. No other benefits of Shared Assessments membership will be conveyed through non-member participation.
BEST PRACTICES FOR THIRD PARTY RISK MANAGEMENT & ASSURANCE AWARENESS GROUP
Meets bi-monthly, 2nd Wednesday, 11:00am – 12:30pm ET
This group examines challenges organizations face in managing third party risk and identifies existing best and emerging practices. Examples of previously examined topics include: complex supply chains; fourth party management; third party contract development, adherence and management; risk rating; and assessment scoping. The work product of this group includes briefing and white papers, practitioner guidelines, industry call to action pieces, and blogs that enhance TPRM practice. The group coordinates with the tool development committees when appropriate.
Vertical Strategy Groups
Open to Shared Assessments Members and Non-Members – restrictions are noted.
In our continuing effort to meet the needs of our diverse Shared Assessments membership, we have created specific Vertical Strategy Groups (VSGs). As additional VSGs are added, members will be invited to participate.
Who serves on Vertical Strategy Groups?
Members and non-members of Shared Assessments are welcome to participate in our VSGs to ensure we are taking a comprehensive look at the needs of specific verticals. Non-member participation is limited to one year and no other benefits of membership, including access to the TPRM Toolkit, are provided.
Experienced executives facilitate industry community discussions of the most pressing Third Party Risk Management (TPRM) challenges and seek to:
- Serve as a forum for identifying, understanding, and supporting TPRM programs.
- Address the expanding frequency/scope of control assessments, including risks associated with cybersecurity, information security, business resiliency, physical security and operational procedures.
- Develop and publish targeted blogs, white papers, and other best practices resources.
- Improve industry opportunities for TPRM efficiencies and cost savings.
FINANCIAL SERVICES VERTICAL STRATEGY GROUP
Meets bi-monthly, 2nd Thursday, 4:00pm-5:30pm ET
Open to Asset Management and Financial Institutions Only
This group nurtures a trusted network of Asset Management and Financial Institution industry professionals who deal with key business processes related to the management of third parties, including but not limited to governance, procurement, third party risk, finance, control validation, and policy. Group members collaborate and address challenges, risk trends, regulatory changes, technology solutions and best practices related to the third party lifecycle.
INSURANCE VERTICAL STRATEGY GROUP
Meets bi-monthly, 3rd Thursday, 10:30am-12:00pm ET
Open to Insurance (Property, Casualty and Life) Firms Only
The goals of the Insurance Vertical Strategy Group include exchanging ideas, sharing best practices, and identifying collaboration opportunities related to insurance-specific TPRM needs. Shared Assessments recognizes the expanding risk landscape and regulatory requirements for insurance firms.
Tool Development Committees
The Tool Development Committees ensure that the Shared Assessments standardized TPRM Toolkit (SIG, SCA, Privacy and VRMMM) is relevant, thorough and responds to a range of new and emerging U.S. and international guidelines for privacy, information, data security, and business continuity.
Meets monthly, 3rd Wednesday, 11:00am ET
The Privacy Committee addresses challenges that organizations face in managing privacy risks and compliance by communicating changes in domestic and international regulations. The committee is responsible for developing privacy management content and functionality of the TPRM Toolkit. Privacy management components include the GDPR and CCPA Privacy Tools and Privacy sections of the SIG Questionnaire Tools and SCA Procedure Tools. The committee also hosts presentations and produces briefing papers, blogs, and other publications on topics of interest and relevancy.
STANDARDIZED INFORMATION GATHERING (SIG) COMMITTEE
Meets monthly, 4th Thursday, 12:00pm ET
The SIG Committee is responsible for developing and updating the content and functionality of the SIG Questionnaire Tools. These are a set of comprehensive questionnaire management tools that allow organizations to build, customize, store and automatically analyze questionnaires and related evidence all in one place. The committee ensures that the SIG Questionnaire Tools are always relevant to diverse industries and current with the latest industry regulations, standards, and leading practices with reference to information and cyber security, privacy, resiliency, risk management, and other technology and compliance matters. They also maintain alignment with regulations, standards, and guidelines and other components in the TPRM Toolkit.
STANDARDIZED CONTROL ASSESSMENT (SCA) COMMITTEE
Meets monthly, 3rd Tuesday, 12:00pm ET
The SCA Committee is responsible for developing the content and functionality of the SCA Procedure Tools that assist risk professionals in performing effective and efficient onsite or virtual assessments of vendors using standardized methods and procedures. This committee ensures the content of the SCA is relevant and accurate by examining and discussing changes to regulations, industry standards and guidelines, and updating SCA content as needed. Committee members also maintain alignment with regulations, standards, and guidelines and with the other components of the TPRM Toolkit.
VENDOR RISK MANAGEMENT MATURITY MODEL (VRMMM) COMMITTEE
Meets monthly, 3rd Thursday, 12:00pm ET
The VRMMM incorporates the most essential vendor risk management practices into an actionable model that can be leveraged to assess the current and desired future state of an organization’s vendor risk management program. Practitioners can utilize the VRMMM to make well-informed decisions on