The Program Tools are an important component of the Shared Assessments third party risk management framework, which helps organizations manage the full lifecycle of a third party relationship – from planning for a third party engagement, due diligence and vendor selection, contract negotiations, ongoing and continuous monitoring to termination. These Tools embody a “trust, but verify” approach for conducting third party risk management assessments and use a substantiation-based, standardized, efficient methodology.
- Standardized Information Gathering (SIG) questionnaire remote assessment;
- Agreed Upon Procedures (AUP) for performing onsite assessments; and
- Vendor Risk Management Maturity Model (VRMMM) for evaluating programs against a comprehensive set of best practices.
While each Program Tool may be used independently, the combined value of the Tools provides maximum protection from third party risks, allowing risk management professionals to respond to the relentless pace and shifting nature of cyber security threats and vulnerabilities associated with rapidly changing outsourcing, cloud, mobile and fourth party security issues.
The Tools are designed to be tailored to an organization’s unique application of regulations, divisional needs and risk appetites. Shared Assessments keeps a close eye on emergent risks, as well as emerging regulations, guidelines and standards for the wide range of industries that our members represent, such as the proposed changes to the U.S. Cyber Consequences Unit (CCU) Free Cybersecurity Matrix Tool; New York State’s proposed requirements for banks, insurance companies, and other financial services institutions; and the OCC’s request for comments on its proposed Enhanced Cyber Risk Management Standards and its request for comments on Responsible Innovation in Banking.
All of the updated Program Tools will be available to all Shared Assessments Members and are included in the annual membership fee. Membership provides opportunities to deepen vendor risk management expertise through members-only meetings, events, teleconferences and regular cross-industry working groups that discuss best practices, new standards and guidelines and the regulatory climate. Non-members are able to purchase the Shared Assessments Tools, either as a bundle or separately, by visiting https://sharedassessments.org/store/.