Tuesday, November 10th from 12:00 pm to 1:00 pm EST

Hackers are now using third parties as an entry point to access an outsourcer’s sensitive data, increasing regulatory scrutiny and reputational risk. Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations.

New regulations, technologies, standards, and security threats require organizations to implement robust vendor oversight to meet and stay ahead of the latest risks and challenges from new payment methods and systems, data breaches, and cyber attacks. However, the service provider control evaluation process has long been inefficient and costly. Each outsourcing organization produces and distributes its own proprietary questionnaire to each of its service providers. Service providers strain their resources to respond to diverse client information requests. Inconsistencies from questionnaire-to-questionnaire cause delays for all parties. Time and resource intensive onsite visits further burden both the outsourcer and the service provider.

Until now.

Leveraging the Shared Assessments Agreed Upon Procedures (AUP), the testing procedures for the Shared Assessments Program, as the common risk assessment methodology, the largest U.S. based financial institutions are collaborating to conduct “shared” assessments of key service providers who provide common services. By treating third-party risk management as a collaborative issue, not a competitive issue, it is paving the way for new, cross-industry best practices, increased efficiencies and cost savings for the industry.

This session will provide a case study to review the workflow developed by the Shared Assessments financial institution members, the robust methodology created, the collaborative assessments performed to date, and how we’re now prepared to move this program to global financial services organizations.

* Registration Required

Request this Webinar

Fill out the form below to request access to this webinar. Once approved by our staff, a link will be sent to the email address you provide.


  • Event Information


    Tuesday, November 10, 2015


    12:00 pm - 1:00 pm EST


    Charlie Miller
    The Santa Fe Group
    Senior Vice President


    From the comfort of your own computer


    Educational webinar
  • About the Shared Assessments Program

    The Shared Assessments Program is the trusted source for third party risk management with resources, including tools and best practices, to effectively manage the critical elements of the vendor risk management lifecycle. Members represent a collaborative, global, peer community of information security, privacy, and third party risk management leaders in industries including financial services, insurance, brokerage, healthcare, retail, and telecommunications. The Certified Third Party Risk Professional (CTPRP) certification program, membership, and use of the Shared Assessments Program Tools, ensure organizations stay current with the threat and risk environment, including regulations, industry standards, and guidelines. Shared Assessments provides organizations and their service providers the rigorous controls needed for IT, data security, privacy, and business continuity. The Shared Assessments Program is managed by The Santa Fe Group (www.santa-fe-group.com), a strategic consulting company based in Santa Fe, New Mexico. Visit us on the web at www.sharedassessments.org.

    About ISACA

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.