On Demand Events

The Shared Assessments Insurance Committee discussed the importance of application-level encryption, with 84% of respondents requiring it. They debated key rotation, with 30% mandating annual rotation. The committee also explored the use of third-party assessments and certifications, noting that 20% accept them fully, while 30% use them partially. The conversation highlighted challenges in managing assessment questionnaires, with typical high-risk assessments ranging from 200 to 300 questions. The meeting concluded with plans to address data minimization efforts, AI programs, and regulatory changes in future meetings.

The meeting discussed the impact of AI regulations on third-party risk management. Key points included a recap of 2024 which included summaries as well as a review of the similarities and differences between the Executive Order, EU AI Act, and UK AI Laws. The panelist then defined AI Systems, AI Deployer, and AI Provider before several use case scenarios were explored on the different impacts these regulations would have on them. Use case examples included AI Deployer of a multinational bank organization with EU operations; : AI Deployer of a US-based Healthcare provider active in the EU Market, and AI Provider of a high-risk AI system. The committee then looked ahead into what might be expected in 2025 & beyond in the US, UK, and EU.

Join Shared Assessments and Mirato as we explore how MARS Incorporated leverages AI to drive impactful efficiencies in their risk management processes. As a global snacking, petcare, food & nutrition company, operating in over 80 countries with a diverse product range, MARS skilfully navigates the complexities of supply chains and vendor networks. By utilizing the Mirato Questionnaire Killer™ (MQK), MARS has significantly reduced assessment time while increasing accuracy. This session offers a real-world AI risk management use case—bring your own Skittles, M&M's, or Snickers!

The Financial Services Committee discussed various topics, including the impact of the Bank of England's ruling on critical third parties, the importance of supply chain & geopolitical risk management, and the FFIEC's updated handbook. Key points included the need for proactive monitoring of critical vendors, leveraging data sources, and understanding the financial stability of vendors. The committee emphasized the importance of aligning third-party risk management programs with regulatory expectations and maintaining up-to-date policies. They also highlighted the necessity of involving senior management and compliance teams in analyzing and addressing regulatory changes to ensure compliance and resilience.

This session will feature an overview of the 2025 Shared Assessments Product Family, focused on Regulatory Mappings: DORA, NIS2, and CSF NIST 2.0. We will review the impact of the new regulatory mappings covered by the Standardized Information Gathering (SIG) Questionnaire and discuss new updates to the TPSIR, such as clarity, weighting, and customizability. We will also preview the new SIG Content Library API.

If the recent CrowdStrike incident taught us anything it's that we need to drastically change how we assess third-party service providers in the face of emerging threats and vulnerabilities. There are too many vendors to assess, compounded by the increasing volume of threats we face each year. On a normal day, TPRM teams already have too much to do. When an incident like this occurs, they need to stop what they're doing and conduct an emergency assessment -- an ugly process that overburdens companies and their vendors, and typically takes weeks, if not months. As a result, companies may remain exposed to vulnerabilities that could eventually result in loss. But does it really have to be that way? Join third party risk experts from ProcessUnity and RiskRecon to discuss best practices and emerging technologies for: • Improving monitoring for critical vulnerabilities to determine which ones matter • Identifying, Prioritizing and Assessing affected third parties in real-time • Incorporating objective data into the decision-making processes • Streamlining workflows and scaling your operations

What is the role of Third Party Risk Management during and after a widespread incident? How can TPRM programs best prepare for potential security incidents? When and how should TPRM programs conduct “ad hoc” vendor assessments? With whom should TPRM practitioners communicate during incidents? Join this webinar to explore recommended “best practices” for TPRM professionals during incident response and management situations.

This meeting covered Microsoft's nuclear-powered data center. We discussed NIST standards for post-quantum cryptography (PQC), emphasizing the transition from RSA to ML Chem and ML DSA for key encapsulation and digital signatures. The conversation highlighted the rapid advancements in AI and the need for agile governance to balance innovation and regulation. The discussion also touched on the lessons learned from Y2K, the importance of asset management, and the potential risks and benefits of AI, drawing parallels to past technological fears and uncertainties.

The Shared Assessments Healthcare Committee discussed the rapid evolution of technology, particularly AI, and its impact on third-party risk management. Key points included the importance of aligning risk assessments with contractual terms and business impact analysis. The committee members shared their assessment volumes, with some performing over 500 assessments annually. They also discussed the use of AI tools to streamline the assessment process and the challenges of managing large volumes of assessment questions. The meeting concluded with a review of the committee's achievements in 2024 and plans for 2025, emphasizing the need for continuous improvement and adaptation to emerging risks.

The Shared Assessments Global ESG TPRM Committee discussed the consideration of rebranding from ESG to Sustainability, with 62% of respondents supporting the change. Gary Roboff, Senior Advisor, Shared Assessments, discussed the EU's new regulation on deforestation, emphasizing its importance for global supply chains. Rhonda Cook, Senior Advisor, reviewed Noteworthy News on ESG &TPRM. A Deloitte survey revealed that 66% of private company leaders view climate change as a high or very high risk. The US Department of Commerce unveiled the SCALE tool to assess supply chain risks, though it is not publicly accessible. Members expressed interest in AI’s role in Sustainability as a topic for future discussion in the Committee. Links to suggested reading are included in the Master Deck, attached. The meeting concluded with a ShopTalk on integrating sustainability into third-party risk programs, highlighting practical steps and challenges.