Press Releases

Press Releases


Shared Assessments Introduces 2021 Third Party Risk Management Toolkit

Expanded Third Party Tools for changing risk and updated content in areas of cybersecurity, supply chain risk, privacy, data governance and resilience.


SANTA FE, NM, September 29, 2020 – The Shared Assessments Program, the member-driven leader in third party risk assurance, has issued the 2021 Shared Assessments Third Party Risk Management Toolkit. Thousands of organizations around the world rely on the Toolkit to meet evolving regulatory compliance demands and address vendor risk.


2020 has brought unique risk challenges that have significantly shifted the focus of risk managers. Operational risks emerged with the pandemic, with major shifts to work from home security and service availability issues, vendor stability, and socioeconomic uncertainty. The 2021 Toolkit responds to these challenges with expanded controls around resilience, privacy, data governance, data loss and remote risk. The Tools have also been updated to allow more automation and collaboration among teams.


This new 2021 edition is considered by risk management professionals to be an invaluable resource.
“The Shared Assessments Toolkit is foundational in the area of third party risk,” said Ron Bradley, Director, Cybersecurity Risk Management, Trane Technologies. “Third party risk managers rely on tools, such as the SIG and the SCA to gather, assess, and verify controls with ease and efficiency.”


The Toolkit was developed based on the experience of over 300 member organizations and the thousands of organizations they serve to develop and maintain comprehensive tools for third party risk management.


“2020 has a been a monumental year for risk managers – increased instability of the critical vendors has only emphasized the strategic importance of a mature third party risk program,” said The Santa Fe Group CEO, David Perez. “The Toolkit incorporates these risks and others identified by our membership. These tools along with our suite of best practices are essential to helping organizations build program assurance.”


New this year, the 2021 Toolkit is accompanied by online workshops to help members and subscribers optimize the Tool value.


The 2021 Toolkit includes:

  • Vendor Risk Management Maturity Model (VRMMM) Benchmark Tools: Evaluates third party risk assessment programs against a comprehensive set of more than 200 best practices. VRMMM Benchmark Tools are free and available at:
  • Standardized Information Gathering (SIG) Questionnaire ToolsEmploys industry best practices for gathering and assessing 18 critical risk. The SIG serves as the “trust” component for outsourcers who wish to use industry-vetted questions on a service provider’s controls.
  • Standardized Control Assessment (SCA) Procedure Tools: Assists risk professionals in performing onsite or virtual assessments of vendors. This is the “verify” component of third party risk programs.
  • Third Party Privacy Tools: Built to track requirements from various privacy regulations, including CCPA. The TDT serves as a project management tool that streamlines the collection of information for data flows, and third party disclosures. Free Target Data Tracker is available:  


webinar will be held on October 6, 2:00 pm ET to review the new controls and functionality of the 2021 Third Party Risk Management Toolkit.


About the Shared Assessments Program


As the only organization that has developed standardized resources to bring efficiencies to the market for more than a decade, the Shared Assessments Program is the trusted source in third party risk assurance. Shared Assessments offers opportunities for members to address global risk challenges through committees and special projects. Join the dialog with peer companies and learn how you can optimize your compliance programs while building a more risk-sensitive environment in your organization.


For more information, go to 


Media Requests

Media Relations
(505) 466-6434

Media Kit to request a media kit.