Shared Assessments

“Professionalizing Third Party Risk Management”

The Shared Assessments Program is the trusted source for third party risk management with resources, including tools and best practices, to effectively manage the critical elements of the vendor risk management lifecycle.

Members represent a collaborative, global, peer community of information security, privacy and third party risk management leaders in industries that include financial services, insurance, brokerage, healthcare, retail and telecommunications. The Certified Third Party Risk Professional (CTPRP) certification program; membership and use of the Shared Assessments Program Tools; ensure organizations stay current with the threat and risk environment, including regulations, industry standards and guidelines. Shared Assessments provides organizations and their service providers the rigorous controls needed for IT, data security, privacy, and business continuity.

The Shared Assessments Program Tools follow a two-step approach to managing third party risks. Using industry-established best practices, the Shared Assessments Program follows a “trust, but verify” approach to conducting third party assessments, enabling you to fine-tune your third party risk management program according to your company’s strategy for managing risk.

The Shared Assessments Program:

  • Continuously monitors for new standards, regulations, and risk areas.
  • Accordingly updates the industry-leading third party risk management Program Tools, which include the:
    • Standardized Information Gathering (SIG) questionnaire, used to perform an initial assessment of your vendors.
    • Shared Assessments Agreed Upon Procedures (AUP), a Tool for standardized onsite assessments.
    • Vendor Risk Management Maturity Model (VRMMM), a self-assessment tool used to determine the maturity of your own third party risk management program.
  • Facilitates and shares the annual Vendor Risk Management Benchmark Study, in collaboration with global consulting firm Protiviti, to examine the maturity of organizations’ current risk management programs across multiple verticals.
  • Offers the only member-driven, collaborative organization creating dialogue around third party risk.
  • Facilitates the Certified Third Party Risk Professional (CTPRP) program – the only certification program solely focused on third party risk management.
  • Created and facilitates the game-changing Collaborative Onsite Assessments Program, which ensures a robust and consistent evaluation of a vendor’s risk posture on common, shared services.
  • Offers cutting-edge education and leadership opportunities through events, such as monthly Member Forum calls and the annual Shared Assessments Summit.

Click here to learn more about the Shared Assessments Program.