Member Projects and Activities

Shared Assessments offer opportunities for members to address global risk management challenges through committees, awareness groups, and special projects/interest groups.

Our members are national and international organizations of all sizes that understand the value of leveraging the knowledge of their risk management peers in the development and management of best-in-class third-party risk management programs. They are leaders in their industries and members of a global community of risk management professionals working together to keep the Shared Assessments Program Tools at the forefront of third-party risk management practices.

One of the primary reasons the Shared Assessments Program Tools have been able to maintain their status as the industry standard for third-party risk assurance is that they are maintained by the very risk professionals who specialize in third-party risk management issues.

Working and Awareness Groups

Shared Assessments members are a community of national and international industry leaders and risk management professionals whose thought leadership has collectively brought Shared Assessments to the forefront of third-party risk management practices.

BEST PRACTICES FOR THIRD-PARTY RISK MANAGEMENT & ASSURANCE AWARENESS GROUP

Meets bi-monthly, 2nd Wednesday, 11:00am – 12:30pm ET

This group examines the challenges organizations face in managing third-party risk and identifies existing best and emerging practices. Examples of previously examined topics include complex supply chains, fourth party management, third-party contract development, risk rating, and assessment scoping.

The work product of this group includes briefing and white papers, practitioner guidelines, industry call to action pieces, and blogs that enhance TPRM practice. This group coordinates with the tool development committees when appropriate.

Note: For Shared Assessments members only.

CONTINUOUS MONITORING WORKING GROUP

Meets bi-monthly, 3rd Tuesday, 11:00am – 12:00pm ET

This group identifies and documents best practices for continuous monitoring, focusing on people, process, and technology considerations. Key areas of inquiry include predictive forecasting, controls, and agile response processes that include cyber, financial, location, and other key indicators.

The proliferation of new technology solutions is having a profound effect on the TPRM environment, given the increasing size, complexity, and integration of new technologies and heightened risk exposure across third-party and supply chain ecosystems.

Members are focused on best and emerging best practices in this arena in response to the shifting threat environment.

Note: For Shared Assessments members only

REGULATORY COMPLIANCE & AUDITS AWARENESS GROUP

Meets bi-monthly, 2nd Thursday, 11:00am – 12:30pm ET

This group examines the quickly evolving and ever more complex regulatory landscape. The overall compliance/audit environment is seeing changes in key areas affecting outsourcing relationships. Topics dominating the regulatory discussion papers and recent regulations include cloud, IoT, concentration risk, complex supply chains, resilience, inventories, due diligence access, and how those rules harmonize or diverge globally.

This group regularly invites speakers on relevant topics, and as thought leaders, publishes member-driven white papers on regulatory-related topics. It also reviews, discusses, and where appropriate responds to, draft third-party regulatory guidance and rules. Where appropriate, the group makes recommendations for the TPRM Toolkit enhancements and participates in developing papers, blogs, and other resources pertinent for third-party assessment tools that address consumer protection, operational risk, and regulatory compliance monitoring.

Note: For Shared Assessments members only

EMERGING TECHNOLOGY WORKING GROUP

Meets bi-monthly, 4th Tuesday, 11:00am – 12:00pm ET

This group examines the enabling, integration, challenges, opportunities, and solutions posed by emerging technologies including: Internet of Things, Machine Learning, Artificial Intelligence, Cloud, 5G, Distributed Ledgers (Blockchain), and Cryptocurrencies.

Advances in technology can fuel heightened productivity, important product development, and enhance the ability to meet business objectives. New and emerging technologies supporting digital transformation across all sectors are rapidly changing the risk landscape for organizations and third parties.

Note: For Shared Assessments members only

Vertical Strategy Groups

Open to Shared Assessments Members and Non-Members – Restrictions are noted.

In our continuing effort to meet the needs of our diverse Shared Assessments membership, we have created specific vertical strategy groups (VSGs). As additional VSGs are added, members will be notified to participate.

We allow participation in our VSGs for companies that are not Shared Assessments members to ensure we are taking a comprehensive look at the needs of specific verticals. Non-member participation is limited to one year from the date of signature of the VSG Rules of Participation agreement. No other benefits of membership, including access to the Program Toolkit, are provided to non-members.

Who serves on Vertical Strategy Groups? 

Members and non-members of Shared Assessments are welcome to participate in our VSGs to ensure we are taking a comprehensive look at the needs of specific verticals. Non-member participation is limited to one year and no other benefits of membership, including access to the TPRM Toolkit, are provided.

Experienced executives facilitate industry community discussions of the most pressing Third-Party Risk Management (TPRM) challenges and seek to:

  • Serve as a forum for identifying, understanding, and supporting TPRM programs.
  • Address the expanding frequency/scope of control assessments, including risks associated with cybersecurity, information security, business resiliency, physical security, and operational procedures.
  • Develop and publish targeted blogs, white papers, and other best practices resources.
  • Improve industry opportunities for TPRM efficiencies and cost savings.
FINANCIAL SERVICES VERTICAL STRATEGY GROUP

Meets bi-monthly, 2nd Thursday, 4:00pm – 5:30pm ET

This group nurtures a trusted network of Asset Management and Financial Institution industry professionals who deal with key business processes related to the management of third parties, including but not limited to governance, procurement, third-party risk, finance, control validation, and policy. Group members collaborate and address challenges, risk trends, regulatory changes, technology solutions, and best practices related to the third party lifecycle.

Note: Non-members of Shared Assessments are welcome to participate for one year in this group. No other benefits of Shared Assessments membership will be conveyed through non-member participation.

INSURANCE VERTICAL STRATEGY GROUP

Meets bi-monthly, 3rd Thursday, 10:30am – 12:00pm ET

Open to Insurance (Property and Casualty, and Life) Firms Only.

This group exchanges ideas, shares best practices and identifies collaboration opportunities related to insurance-specific TPRM needs. Group members recognize the expanding risk landscape, the complexity of nth party relationships, the impact of climate changes on complex supply chains, and regulatory requirements for insurance firms.

Note: Non-members of Shared Assessments are welcome to participate for one year in this group. No other benefits of Shared Assessments membership will be conveyed through non-member participation.

Cross Vertical Strategy Groups

Members and Non-members of Shared Assessments are welcome to participate in our Cross Vertical Strategy Groups to ensure we are taking a comprehensive look at the needs across industries on Third-Party Risk Management (TPRM) hot topics. Experienced third-party practitioners facilitate community discussions of the most pressing TPRM challenges.

Non-member participation is limited to one year and no other benefits of Shared Assessments membership, including access to the TPRM Toolkit, are provided.

    ESG (ENVIRONMENTAL, SOCIAL, and GOVERNANCE) TPRM STRATEGY GROUP

    Meets bi-monthly, 3rd Thursday, 10:00am – 11:30am ET (3:00pm – 4:30pm GMT+1)

    This group focuses on mature third-party risk management sustainability practices in today’s fast-paced ESG arena. Participants from all organizations with an ESG third party risk agenda, no matter what level of ESG TPRM experience are welcome.

    This Committee has an educational focus, and informs members about ESG frameworks, policies, metrics, procedures, regulations, etc. This group is a forum for participants with extensive experience to share their insights with those organizations just beginning their ESG journeys. Outside experts share their experience and insights to provide essential sustainability context.

    Note: Non-members of Shared Assessments are welcome to participate in this group for one year. No other benefits of Shared Assessments membership will be conveyed through non-member participation.

    PROCUREMENT & SOURCING STRATEGY GROUP

    Meets bi-monthly, 4th Wednesday, 10:00am – 11:00am ET (3:00pm – 4:00pm GMT+1)

    This group identifies and documents best practices for establishing relationships, centralizing a vendor inventory/registry, and streamlining the vendor onboarding process focusing on people, process, and technology considerations. Key areas of inquiry include relationship building with the various departments interfacing with third-party risk management, central predictive forecasting, controls, and agile response processes that include cyber, financial, location, and other key indicators. The partnership between third-party risk management, procurement, and the business unit is paramount to allowing new and existing vendor relationships to operate and flourish in a secure manner.

    Members focus on existing and emerging best practices in this arena in response to the shifting threat environment.

    Note: Non-members of Shared Assessments are welcome to participate for one year in this group. No other benefits of Shared Assessments membership will be conveyed through non-member participation.

    UK-EU TPRM STRATEGIES GROUP

    Meets bi-monthly, 4th Thursday, 10:00am – 11:00am ET (3:00pm – 4:00pm GMT+1)

    This group focuses on the existing and emerging challenges that organizations are experiencing in managing third-party risk in this region and worldwide. Participants examine and document existing successful strategies in use today and identify emerging best practices to address TPRM challenges.

    Topics of focus include operational resilience and cascading risk, supply chain stability, financial ratings, and related top-of-mind issues. Coordination with other Shared Assessments committees occurs where appropriate to achieve a broader perspective. Examples of deliverables by this group include briefing papers, industry call to action pieces, practitioner guidelines and checklists, and other resources that enhance the practice of third-party risk management.

    Note: Non-members of Shared Assessments are welcome to participate for one year in this group. No other benefits of Shared Assessments membership will be conveyed through non-member participation.

    Tool Development Committees

    The primary mission of the Tool Development Committees is to ensure that the Shared Assessments Program standardized tools (SIG, SCA, Data Governance (TDT) and VRMMM) are relevant and thorough, respond to a range of new and emerging US and international guidelines for privacy, information and data security, and business continuity. All committees are conducted under the direction and oversight of the Shared Assessments Steering Committee. The Steering Committee, with input from each committee chair, establishes the annual initiatives and helps prioritize their efforts.

    Who Serves on the Tool Development Committees?

    Tool Development Committee participants play an important leadership role in the Shared Assessments Program. All Shared Assessment members are invited to serve on one or more committees and groups. Tool Development Committee members are subject matter experts and other risk management leaders from a range of industries.

    • Engagement in a global community of risk management and information technology professionals.
    • Professional development opportunities.
    • Collaboration with industry peers on challenging issues in information and data security, data governance, and business continuity.
    STANDARDIZED INFORMATION GATHERING (SIG) COMMITTEE & STANDARDIZED CONTROL ASSESSMENT (SCA) COMMITTEE

    Meets monthly, 4th Thursday, 12:00pm ET

    The SIG+SCA Committee is responsible for developing the content and functionality of the SIG Questionnaire Tools and SCA Procedure Tools. The SIG Questionnaire Tools are a set of comprehensive questionnaire management tools that lets organizations build, customize, store, and automatically analyze questionnaires and related evidence. The SCA (Standardized Control Assessment) Tools are a set of procedures providing risk professionals with resources to plan, scope, and perform third-party risk assessments.

    The committee’s goal is to ensure the SIG Questionnaire Tools and SCA Procedures Tools are always relevant to diverse industries and current with the latest industry regulations, standards, and leading practices as related to information and cyber security, data governance, resiliency, risk management, and other technology and compliance matters. The SIG+SCA Committee maintains alignment with these external references and the rest of the Third-Party Risk Management Toolkit.

    DATA GOVERNANCE COMMITTEE

    Meets bi-monthly, 3rd Wednesday, 11:00am ET

    The Data Governance Committee (formerly Privacy) will address challenges with specific data protection obligations in third party risk that organizations face in managing data governance risks and compliance by communicating changes in domestic and international data regulations. Given the pace and complexity of data protection regulations, Data Governance Committee will navigate and address data governance in third party relationships.

    The Data Governance Committee will continue to grow by including the requirements from various privacy regulations and framework updates, including CCPA. In doing this the committee will be responsible for developing the content and functionality of the TPRM Toolkit components that are related to Data Governance management, including our Privacy Tools and the privacy section of the SIG Questionnaire and SCA Procedures.

    The Data Governance Committee will also host presentations and produces briefing papers, blogs, and other publications on topics of interest relevant to Data Governance.

    VENDOR RISK MANAGEMENT MATURITY MODEL (VRMMM) COMMITTEE

    Meets bi-monthly, 3rd Thursday, 12:00pm ET

    The VRMMM Committee is responsible for developing and updating the content and functionality of the VRMMM Benchmark Tools. The VRMMM Benchmark Tools incorporate the most essential vendor risk management practices into an actionable model that can be leveraged to assess the current and desired future state of an organization’s vendor risk management program.

    Practitioners can utilize the VRMMM to make well-informed decisions on how to spend limited resources in ways that allow them to manage vendor-related risks most effectively. The VRMMM Committee ensures benchmarking tools and surveys maintain relevance for diverse industries and reflect the most current Third-Party Risk Management regulations, standards, and leading practices.

    CONTENT GOVERNANCE COMMITTEE (CGC)

    Meets monthly, 2nd Thursday, 12:00pm ET

    The CGC Committee meets every second Thursday of the month, and its purpose is to provide content recommendations and development, priorities, maintain content for the SIG Content library, SCA, and VRMMM products.

    To goal is to ensure that our Third Party Risk Management (TPRM) toolkits’ content is relevant, timely, based on industry best practices, and maintains alignment with all program materials by evaluating and approving content from Technology Standards and Frameworks, Regulations, Statutes and Laws and Industry Sector Guidance from the mapping team to incorporate into the content library.

    ADDITIONAL INFORMATION

    We do give CPEs for attending Committee Meetings.

    No prerequisite knowledge is required to participate in Committee Meetings

    No advance preparation is required.

    Program Level: Basic

    Delivery Method: Group Internet-Based

    CPEs Earned for Completion: 1*

     *exact CPEs earned per meeting is subject to change. You must attend for the entire duration to be eligible to receive CPE credits. We do not issue partial credit. CPEs are automatically issued based on our attendance data to the name and email address used to attend the call. Please note it can take up to 30 days for the CPE credit(s) to be issued.

      To Participate

      To participate in any of these committees or groups, click button below, or email info@sharedassessments.org.