The Shared Assessments Third Party Risk Management Toolkit was built by our member community, leveraging the collective intelligence of diverse practitioners, and spanning industries and perspectives. The Toolkit components serve organizations regardless of size or industry. The Toolkit embodies a “Trust, but Verify” approach for conducting third party risk management assessments and uses a substantiation-based, standardized methodology.
The SIG employs a holistic set of industry best practices for gathering and assessing 18 critical risk domains of vendors including information technology, cybersecurity, privacy, resiliency and data security risks.
The SCA assists risk professionals in performing onsite or virtual assessments of vendors. The SCA mirrors the 18 critical risk domains from the SIG, and can be scoped to an organization’s needs.
The VRMMM is a tool for evaluating maturity of third party risk programs. This tool is free for members and non-members and measures programs against a comprehensive set of best practices.
Product Bundle Features
| Included Features | VRMMM Benchmark Tools | SIG Questionnaire Tools | SCA Procedure Tools | GDPR Privacy Tools | 2019 TPRM Toolkit |
|---|---|---|---|---|---|
| Vendor Risk Management Maturity Model | X | | | | X |
| Vendor Risk Management Benchmark Study | X | | | | X |
| SIG How to Guide | | X | | | X |
| SIG Management Tool | | X | | | X |
| SCA Practitioner’s Guide | | | X | | X |
| SCA Report Template | | | X | | X |
| SCA Executive Summary Guide | | | X | | X |
| SCA Executive Summary Templates | | | X | | X |
| Onsite Best Practices Checklist | | | X | | X |
| SCA Industry Reference by Section | | | X | | X |
| GDPR Privacy Tools Guide | | | | X | X |
| Standardized Privacy Questionnaire Guide | | | | X | X |
| Standardized Privacy Questionnaire | | | | X | X |
| Standardized Privacy Test Procedure Guide | | | | X | X |
| Standardized Privacy Test Procedure Report Template | | | | X | X |
| Due Diligence Artifacts Checklist | | | | X | X |
| Contractual Obligations Checklist | | | | X | X |
| Target Data Tracker Guide | | | | X | X |
| Target Data Tracker Template | | | | X | X |
Shared Assessments Program tools allow enterprise organizations to evaluate and measure the level of IT risk across their vendors in a quantifiable, objective and repeatable process.