Shared Assessments 2019 Third Party Risk Management Toolkit

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Shared Assessments
Company size (employees)10 to 49
Type of solutionSoftware

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

• The Toolkit was built by and is continuously enhanced by the global community of Shared Assessments members. It leverages the collective intelligence of diverse perspectives of practitioners across a broad spectrum of industry sectors. The 2019 edition further enriches Shared Assessments’ industry-leading vendor Risk Management Maturity Model Benchmark Tools, Standardized Information Gathering (SIG) Questionnaire Tools, and Standardized Control Assessment (SCA) Procedure Tools. It also includes GDPR Privacy Tools that enable organizations to track third party compliance with unmatched precision and ease.

• The 2019 Toolkit gives third party risk practitioners the tools, best practices and insight to support every aspect of the third party risk management (TPRM) lifecycle – from planning for a third party engagement and vendor selection, through contract negotiations, continuous monitoring and relationship termination.

• The Shared Assessments Risk Management Intelligence Ecosystem and Tools benefit the hundreds of Shared Assessments member organizations who help contribute to the Toolkit, and the many, many other organizations worldwide that depend on the Toolkit to help protect their organizations using its market-proven best practices guidance, tools, certifications and education.

Brief Overview

Third party data breaches, leaks and vulnerabilities have emerged as a few of the single-most urgent, consequential cybersecurity challenges. Incidents can cost millions of dollars and potentially irreparable reputational harm. Organizations must be continuously vigilant, and given the scope and complexity of the threat, no one organization can go it alone.

Shared Assessments is the trusted de facto global standard for managing the full lifecycle of vendor relationships. And the 2019 Toolkit from Shared Assessments affords unprecedented speed and flexibility in creating and conducting vendor assessments.

Key Toolkit components include the Vendor Risk Management Maturity Model (VRMMM) Benchmark Tools, which include:

– The Standard Information Gathering (SIG) Questionnaire Tool: lets users fully assess 18 critical risk domains and corresponding controls, including IT, cybersecurity, privacy, resiliency and data security risks.

– The Standardized Control Assessment (SCA) Procedure Tool: lets organizations perform onsite or virtual assessments of vendors – the key verification for an effective third party risk program.

– GDPR Privacy Tools: help organizations meet regulatory requirements for appointing and monitoring data processors (i.e., third parties/vendors).

New Toolkit features:

– Content Library: standardized questions, vertical-specific questions and the opportunity to add custom questions, enabling questionnaires to be built on the fly, retaining the benefits of standardization while enabling customization.

– New SIG Architecture: The 2019 SIG code is newly lightweight, reducing file sizes and susceptibility to technical issues, while accelerating questionnaire creation.

– Custom Scoping: Organizations can now scope by Domain, Category, Authority Document, Tiered Scoping or Individual Question Scoping.

The Toolkit is constantly updated with the most relevant and current U.S. and International regulatory and privacy content such as NIST 800-53r4, NIST CSF 1.1, FFIEC CAT Tool, the EU GDPR and PCI 3.2.1. It helps third party risk practitioners with all aspects of the third party risk management lifecycle.