Day 2, Pre-Summit. From early morning until noon, the SIG Toolkit Training – Covering all the Basics workshop was alive with metaphors (and a few practical jokes). Workshop leaders Christopher Campbell (Manager, Sales, Shared Assessments) and Tom Garrubba (Vice President, Shared Assessments) cultivated engaging conversation around the Standardized Information Gathering tool, providing an overview of the SIG’s architecture, technology and functionality. Outside of the overview, Campbell and Garrubba highlighted key assets contained within the SIG and the benefits of using them, and offered some valuable general advice for practicing TPRM.
By design, the SIG helps you meet requirements, standards and regulations. This tool is built from the ground up by the Shared Assessments community. Members and other vetters from regulated and non-regulated industries consider the SIG from every angle. The diversity of thought behind the tool provides flexibility: the SIG can be scoped to every third party relationship.
Garrubba emphasized the importance of having access to experts across the TPRM industry. If you do not know the answer to a question you encounter in an assessment, ask around, even outside of your organization. Also, set expectations about efficiency and the pace at which you can move through assessments.
In the afternoon, Linnea Solem (President and Founder, Solem Risk Partners, LLC) and Brad Keller (Senior Vice President & Chief Strategy Officer, The Santa Fe Group, Shared Assessments Program) led a session brimming with recommendations for Navigating Data Governance for Privacy and Third Party Risk.
Amid growing privacy regulatory changes across the globe, third party relationships are under scrutiny. No matter your industry or background, learning about data privacy is critical in our interconnected world.
The Data Governance workshop offered insight into privacy frameworks, regulations and guidance for managing privacy risk in the context of third party relationships. The workshop provided guidance on how to leverage and integrate privacy data governance tools into TPRM processes. Finally, Solem and Keller outlined how to optimize results when conducting third party privacy assessments with scoping tools and standardized methodologies.
Keller raised a key consideration in the session: data must be treated as an asset! In addition, a specific person needs to be designated as responsible and accountable for this asset, which is so critical to brand, market share, and reputation risk. This perspective makes the details shared in this session all the more significant and relevant for organizations across the spectrum.