Third Party Risk Management - Consultancy, Assessment & Advisory

Shared Assessments launches 2020 Third-Party Risk Management Toolkit

Shared Assessments 2020 TPRM Toolkit

Industry-leading Customisation, Flexibility, Efficiency and Tracking for Third-Party Risk Management Programs – Shared Assessments has announced the launch of the latest 2020 version of the Third-Party Risk Management Toolkit.


The Shared Assessments Third-Party Risk Management Toolkit was built by members, leveraging the collective intelligence of diverse practitioners, and spanning industries and perspectives. The Toolkit helps both outsourcers and providers to respond to regulatory, consumer and business scrutiny, and increasing threats and vulnerabilities, surrounding Third-Party service providers.

The Toolkit is constantly updated with the most relevant and current US and International regulatory and privacy content such as NIST 800-53r4, NIST CSF 1.1, FFIEC CAT Tool and PCI 3.2.1. The Toolkit was designed to work together to help third party risk practitioners with all aspects of the Third-Party risk management lifecycle.

We have long recognised the value that standardisation brings to organisations building and maturing their Third-Party risk assurance efforts. Consistency of content and response is critical to driving high quality risk intelligence and significant cost-efficiencies, reducing the time and effort involved in the completion, collection and analysis of Third-Party risk assessments for both the assessing organisation and their Third-Party suppliers.” commented Sean O’Brien MD, DVV Solutions. “The Toolkit is the ideal starting point for any organisation looking to instill best-practice and globally recognised standards into their TPRM program, and forms the basis of our standard managed service offering.


Introducing the New 2020 TPRM Toolkit

The 2020 Third-Party Risk Management Toolkit, comprises:

The 2020 SIG has been streamlined and includes new automation that makes it easier for Outsourcers to manage SIGs and for service providers to respond to, export and share assessment responses.

The 2020 SCA works hand in hand with the SIG to efficiently conduct onsite or virtual assessments, with simplified reporting formats and an improved library of test procedures.

The 2020 VRMMM has more granular tracking capabilities and enhanced reporting dashboards to manage the metrics around your TPRM program.

A new set of tools, the Third Party Privacy Tools grew from the GDPR Toolkit into a set of tools to meet the requirements from various privacy regulations and frameworks, including CCPA.


2020 TPRM Toolkit Regulatory Mapping

The following ten mappings to Authority Documents are now included within the body of the SIG and can be used for creating questionnaires.

For detailed information about the enhancements, content organisation and updates, and which industry and regulatory standards were included in the update to the 2020 Program Tools, click here.

To view key changes to the 2020 SIG, please see the formal Shared Assessments announcement.

DVV Solutions are firmly committed to supporting the development of the Shared Assessments tooling, investing to not only become the first UK-based “Assessment Firm” within the Shared Assessments Program but also taking a role as an active member of both UK and global steering committees, contributing to the ongoing enhancement of the SIG, SCA and Third-Party Privacy Tools. We look forward to helping our clients make the most of the value-add that integrating the 2020 TPRM Toolkit into their risk assurance programs can offer.” added O’Brien


About The Shared Assessments Program

As the trusted source in third party risk, the member-driven Shared Assessments Program has been setting the standard in third party risk assessments since 2005. Shared Assessments Program members work together to build and disseminate best practices, building resources that give all third party risk management stakeholders a faster, more rigorous, more efficient means of conducting security, privacy and business resiliency control assessments. Learn more at