On Demand Events

Missed a recent webinar or Member Forum Call? Catch our previous virtual sessions here. We now offer CPEs from most of our on-demand offerings. To earn CPEs, please submit your information and codes in the form linked below. Note: our on-demand recordings work best when viewed in the Chrome browser.

All On-demand Events

September Insurance Committee – Open to Members/Non-Members

The Shared Assessments Insurance Committee discussed various topics, including the upcoming UK Summit on September 25, the 2025 US Summit in Fort Lauderdale, and the importance of AI in third-party risk management. They recapped data privacy, cybersecurity, liability, and generalized risks associated with autonomous vehicles (AVs). During open discussion on TPRM Insights, they highlighted the need for a risk appetite framework, the roles country risk and operational risk management play. The committee also explored the challenges of assessing vendors during proof-of-concept (POC) phases, suggesting early involvement and data minimization strategies. They noted the increasing number of third-party assessments, with some organizations performing over 500 annually, and the importance of continuous monitoring and cyber threat intelligence tools.
Register to Download

September Financial Services Committee – Open to Members/Non-Members

Jen Hancock highlighted the importance of the IAG guidance for navigating third-party risk and regulatory requirements. Chris Johnson introduced the Shared Assessments IAG gap analysis tool, which maps IAG to rescinded FRB, FDIC, and OCC guidance, helping identify new requirements and potential gaps. During the Open Mic for Members Participants noted the need to explore alternative methods of assurance / due diligence when direct assessments are not possible. The committee explored offshore delivery center controls. Feedback from organizations was they are implementing a combination of physical and technological controls for offshore delivery centers, rather than relying solely on physical security measures like "clean rooms” and a trend towards bringing more critical functions in-house or to captive centers to maintain tighter control over sensitive data and processes, rather than relying on third-party offshore providers. Lastly, participants highlighted the challenges of maintaining control environments and talent acquisition/retention for offshore locations, especially with the shift to more remote and hybrid work models during the pandemic.
Register to Download

September Member Forum Call – Contracting for Resiliency: Navigating AI, Regulatory Changes and Modern Practices

Join us for an engaging fireside chat as we delve into the evolving landscape of contracting. This webinar will explore the intersection of artificial intelligence (AI), business resiliency, and the latest regulatory changes. Our experts will discuss strategies for building business resiliency through robust contracting practices and adapting to recent regulatory shifts. Additionally, we’ll address the critical terms and conditions you should consider for vendors who are or will incorporate AI into their services. Don’t miss this opportunity to gain a deeper understanding of the future of contracting and how to leverage these advancements for your organization’s success.
Speakers:
  • Jennifer Hancock
    Senior Advisor, Shared Assessments
    Jennifer Hancock is a third-party risk management professional with more than 20 years of experience in third-party risk management. As owner of Hancock Consulting LLC, a consultancy she founded to provide specialized advisory services, Ms. Hancock has been able to help organizations develop effective third-party risk management strategies and improve their overall resilience. Her expertise has been sought after by a wide range of clients across industries, and she is dedicated to helping organizations of all sizes manage their third-party risks effectively. As a thought leader in the field of third-party risk management, Ms. Hancock has been a featured speaker at numerous industry events and conferences. She is both a Certified Third-Party Risk Professional and Certified Third-Party Risk Assessor (CTPRA).
    View full bio
  • Matt Johnson
    Partner, Bortstein Legal Group
    Matt Johnson is an accomplished technology, outsourcing, and commercial transactions attorney who is recognized for providing comprehensive strategic, legal, and commercial advice to his clients. Over the course of his career, Matt has drafted and negotiated services agreements, technology licenses, and procurement contracts ranging in value from thousands of dollars to five billion dollars. He has also worked with clients to develop complete sourcing strategies for their information technology operations and business processes, to prepare related RFPs, and to evaluate potential suppliers’ bids. His clients have included financial institutions, pharmaceutical companies, and technology companies; many of the transactions on which he has worked have involved the client’s global operations. Matt’s in-house and operations executive experiences give him a deeper understanding of practical and operational aspects of legal transactions, enhancing the value he offers his clients. Matt takes a broad approach to his work, drawing on his understanding of the business context of a transaction, to provide actionable legal and commercial advice to help clients of every size meet their objectives. Prior to joining BLG, Matt worked as in-house counsel at one of the nation’s largest home health and hospice companies and practiced law with two of the top outsourcing practice groups in the U.S. Before becoming a lawyer, Matt was an operations executive in the assisted living industry. He is a graduate of the College of William and Mary and George Washington University Law School.
    View full bio
Become a Member to Download
Become a Member to Watch

August AI & Emerging Technologies Committee – Open to Members Only

The Shared Assessments AI & Emerging Technology Committee provided an update on Shared Assessments' AI initiatives, including the EU AI ACT, response to the Treasury's RFI and an upcoming AI briefing paper. The committee discussed potential cyber risks and concerns around autonomous vehicles (AVs), including data privacy, cross-border data sharing, and the lack of underwriting history compared to human-driven vehicles. Participants highlighted the need for regulatory frameworks and standards to address the risks of AVs, as the technology is rapidly evolving. Lastly, the committee had an in-depth discussion on the advancements in deep fake technology and the potential for misuse, including identity fraud in remote work situations. Participants emphasized the balance between convenience and security, and the need for new methods to verify identity in a remote workforce. The group also discussed the importance of educating customers and third parties about the risks of deep fakes. The next meeting is scheduled for October 22, 2024.
Register to Download

Best Practices for Threat and Vulnerability Response & Emergency Assessments

It's not getting any easier. Every time we turn around there seems to be another attack or threat that demands our attention. While each event is unique, they all result in third-party risk management teams scrambling to ensure their organizations are protected. Rapid responses and emergency assessments can be knee-jerk, stressful and distracting. It doesn't have to be that way. Join us for a discussion on the best practices to responding to zero-day vulnerability attacks and conducting emergency assessments. We'll outline what's required to prepare in advance so you're ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we'll cover the necessary steps and considerations for an effective response plan. Session attendees will learn:

  • • How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss
  • • How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability
  • • How quick-assess campaigns can automatically scope, distribute, and score responses
Speakers:
  • Ed Thomas
    Senior VP, ProcessUnity
    Ed Thomas is a Senior Vice President at ProcessUnity, with an extensive background in Third-Party Risk Management. A seasoned expert in the field, Ed has years of experience guiding organizations on their journey to establish efficient and effective risk management programs. Combining his deep industry knowledge with practical insights, Ed aims to assist organizations in realizing the full potential of their TPRM programs.
    View full bio
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
    Elizabeth Dunsmoor recently joined Shared Assessments as a TPRM Principal after 15 years as a TPRM practitioner. She has experience designing holistic programs and delivering assessment work within the cybersecurity, financial services, manufacturing, and healthcare sectors. With a proven ability to oversee and execute long-term operational strategies and methodologies for risk programs, Elizabeth is proficient in a variety of management actions including translating strategies into measurable plans, partnering with Procurement, corporate teams, and firm leaders to develop a pipeline of cross-functional leaders within the risk management function. She now provides training and guidance to business leaders to ensure understanding of program requirements, third-party capabilities, and performance expectations.
    View full bio
Register to Download
Register to Watch

August Global ESG TPRM Committee – Open to Members/Non-Members

The conversation focused on various regulations and directives related to ESG (Environmental, Social, and Governance) factors in vendor management programs. Speakers discussed the German Supply Chain Act, EU's Corporate Sustainability Due Diligence Directive, and ESG ratings, highlighting their significance in ensuring ethical and sustainable practices. They also discussed the potential impact of recent Supreme Court decisions on ESG regulations and the evolving nature of third-party risk management in the face of climate change. The speakers emphasized the importance of staying abreast of changes in the insurance industry and incorporating insurance reviews into third-party risk programs to mitigate potential risks. Thank you to our guest speakers, including Justin Libucki, ESG Risk Analyst, SEI Investments, and Jennifer Hancock, Senior Advisor, Shared Assessments.
Register to Download

August Member Forum Call – Cloud Computing Essentials For Third Party Risk Management Leaders

Join us for an engaging and insightful session tailored specifically for third party risk management leaders. This webinar will explore the transformative impact of cloud computing on business operations and risk management strategies. Key topics include: Best practices for assessing and mitigating risks associated with cloud service providers Ensuring data security and maintaining regulatory compliance Effective cloud governance and vendor risk assessments Latest trends shaping the future of cloud technology Attendees will gain valuable insights to enhance their expertise and safeguard their organization's cloud environment. Don't miss this opportunity to stay ahead in the ever-evolving landscape of cloud computing and risk management.
Speakers:
  • Chris Johnson
    Senior Advisor , Shared Assessments
    Chris is a Senior Advisor to Shared Assessments where he focuses on healthcare, financial services, and emerging technologies. He has more than 25 years of experience helping clients effectively manage risk while exhibiting a passionate and dynamic leadership style. Prior to joining Shared Assessments, Chris led third party risk management and information technology initiatives at Bristol Myers Squibb, Bank of America, Merrill Lynch, KPMG, and Marriott International.
    View full bio
  • John DiMaria
    Director of Operations Excellence and Research Fellow, Cloud Security Alliance
    John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, is the Director of Operations Excellence and Research Fellow with the Cloud Security Alliance. He has 40 years of experience in Standards and management System Development, including Information Systems, Business Continuity, and Quality. John was one of the innovators and co-founders of the CSA STAR programs Open Certification Framework for cloud providers and developed the first certification scheme and process related to the NIST Cybersecurity Framework. John is a contributing author of the last three editions of the American Bar Association’s Cybersecurity Handbook, and a working group member, and a key contributor to the NIST Cybersecurity Framework and former contributing author and Steering Committee member of the Shared Assessments Program, where he dedicated significant time and effort to advancing the goals and initiatives of the program. John also serves as a leading expert as the BCI SIG Vice-Chair for Cyber Resilience, Working Group Chair for the IEEE P3454™, Standard for Cloud Computing - Operational Resilience – Framework, Member of the MSECB Impartiality, Ethics, and Appeals Committee, and Customer Experience Advisory Member with Lindenwood University, St. Louis, MO. He currently oversees the strategic execution of core operational functions, liaising across departments to provide tactical support and guidance, promoting operational efficiency and interdepartmental collaboration. Prior to joining CSA, DiMaria was the Global Product Champion for The British Standards Institution where he served as the global head of all information security, business continuity and cybersecurity product and process offerings as well as operations assessment scheme manager. He has experience working with both national and international environments.
    View full bio
Become a Member to Download
Become a Member to Watch

Risk Refresh: Modernizing Your Program To Move At The Speed Of Risk

In Third-Party Risk Management (TPRM), the objectives remain constant, yet the technologies and processes used are changing. This webinar will equip you to guide your program toward a modern, agile approach to third-party risk management (TPRM). Attendees will identify outdated processes and pinpoint areas hindering efficiency. Forward-thinking leaders are ignoring old practices, embracing a more modern approach and innovating faster than ever. Join us to discover new technologies including AI and techniques for standardization to see how to streamline assessments and workflows. Evolve your program to move at the speed of risk – join us!
Speakers:
  • John Finizio
    VP, Security, Risk & Compliance,, Whistic
    John, a seasoned professional with 20 years of experience in Security, Audit, Third Party Risk, and Product, serves as VP, Security, Risk and Compliance at Whistic. In this role, he safeguards Whistic's assets, data, and systems from cybersecurity threats and works to improve the risk and compliance posture at Whistic. As a dedicated thought leader, John contributes to shaping the future of Third Party Risk Management (TPRM) and is currently serving a second term on the Shared Assessments US Steering Committee, bringing a wealth of expertise.
    View full bio
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
    Elizabeth Dunsmoor recently joined Shared Assessments as a TPRM Principal after 15 years as a TPRM practitioner. She has experience designing holistic programs and delivering assessment work within the cybersecurity, financial services, manufacturing, and healthcare sectors. With a proven ability to oversee and execute long-term operational strategies and methodologies for risk programs, Elizabeth is proficient in a variety of management actions including translating strategies into measurable plans, partnering with Procurement, corporate teams, and firm leaders to develop a pipeline of cross-functional leaders within the risk management function. She now provides training and guidance to business leaders to ensure understanding of program requirements, third-party capabilities, and performance expectations.
    View full bio
Register to Download
Register to Watch

August Product Forum Call – Building A Custom SIG

Join us for an insightful Product Forum Call where we delve into the Shared Assessments Standardized Information Gathering (SIG) Questionnaire. This powerful tool empowers organizations to manage third-party risk effectively through customizable assessments. In this webinar, we'll cover:
  • Products for the Third-Party Risk Management Lifecycle: Explore solutions tailored to each stage of your risk management journey.
  • An Overview: Building a Custom SIG: Learn how to craft a tailored SIG to suit your specific risk assessment needs.
  • Product Demo: Get a firsthand look at how the SIG works in action through a live demonstration.
  • Use Cases: Discover real-world scenarios where the SIG has proven invaluable in mitigating third-party risk.
  • Product Benefits: Understand the tangible benefits of leveraging the Shared Assessments SIG for your organization.
  • Subscribe to Download
    Subscribe to Watch

    Shoring Up Your Defenses: A Guide to Cyber Insurance

    Cyberattacks are on the rise, but you don't have to face them alone. Join this webinar to learn how cyber insurance can be your shield. We'll break down the basics: what it covers, from data breaches to ransomware, and how to choose the right policy for your business. Discover key steps to improve your cybersecurity posture and potentially lower your premiums.
    Speakers:
    • Andrew Moyad
      CEO, Shared Assessments
      Andrew is the CEO of Shared Assessments, a global membership organization that supports hundreds of companies, risk programs, and thousands of associated third-party and other risk professionals. As a risk practitioner and executive, he has driven a culture of accountability and diligence in safeguarding information and other assets for organizations and their third parties. He has more than 25 years of experience in risk management and information security.
      View full bio
    • Mary Guzman
      CEO & Founder, Crown Jewel® Insurance
      Mary Guzman is an insurance industry veteran, having spent 30 years as a broker, advising clients on a myriad of risks to their businesses and developing industry-first products/wording, most recently with a focus on all things related to technology, cyber, media, and intellectual property. She is considered a “disruptor” in the industry and is the architect behind the world’s first trade secret insurance.
      View full bio
    Register to Download
    Register to Watch
    1 2 3 13