Dependence on outsourced services requires ongoing evaluation of third parties to ensure proper protection of sensitive data against cyber threats and breaches. Today’s risk evaluation process is inefficient and costly for all involved, driving the need for new competencies that allow for a robust, standardized and repeatable third party assessments methodology.
The advisors at The Santa Fe Group recognize that now is the time to test new ideas, including peer collaboration, to perform third party assessments that utilize common shared services. In order to address this critical need for efficiencies in the risk evaluation process, The Santa Fe Group created Collaborative Onsite Assessment Services (COAS), an initiative that manages all steps of the Collaborative Onsite Assessments lifecycle and acts as a liaison between all parties, including the industry participants, service providers, and assessment firms.
COAS was created leveraging the Shared Assessments Agreed Upon Procedures (AUP), the standardized testing procedures used as the common risk assessment methodology for onsite assessments. COAS augmented this tool with incremental test procedures to ensure collective coverage of control requirements from all project participants. The resulting Superset AUP is valid, scalable, consistent, and repeatable.
Collaborative Onsite Assessments Case Study
The result of the Collaborative Onsite Assessments pilot demonstrated how peer collaboration can be used as a cost-effective and efficient way to manage third party risk, strengthen vendor relationships, and protect an organization’s most critical assets. The Program has grown significantly since the results of the pilot were released and Collaborative Onsite Assessments are now being organized in multiple industry verticals including healthcare, asset management, and consumer goods.
To learn more about COAS and review the case study of the pilot, click here.