Industry-leading Customisation, Flexibility, Efficiency and Tracking for Third-Party Risk Management Programs – Shared Assessments has announced the launch of the latest 2020 version of the Third-Party Risk Management Toolkit.
The Shared Assessments Third-Party Risk Management Toolkit was built by members, leveraging the collective intelligence of diverse practitioners spanning industries and perspectives. The Toolkit helps both outsourcers and providers respond to the regulatory, consumer and business scrutiny, and the increasing threats and vulnerabilities, surrounding Third-Party service providers.
The Toolkit is constantly updated with the most relevant and current US and international regulatory and privacy content, such as NIST 800-53r4, NIST CSF 1.1, the FFIEC CAT Tool and PCI 3.2.1. The components of the Toolkit were designed to work together to help Third-Party risk practitioners with all aspects of the Third-Party risk management lifecycle.
“We have long recognised the value that standardisation brings to organisations building and maturing their Third-Party risk assurance efforts. Consistency of content and response is critical to driving high quality risk intelligence and significant cost-efficiencies, reducing the time and effort involved in the completion, collection and analysis of Third-Party risk assessments for both the assessing organisation and their Third-Party suppliers,” commented Sean O’Brien, MD, DVV Solutions. “The Toolkit is the ideal starting point for any organisation looking to instill best-practice and globally recognised standards into their TPRM program, and forms the basis of our standard managed service offering.”
Introducing the New 2020 TPRM Toolkit
The 2020 Third-Party Risk Management Toolkit comprises:
- Standardised Information Gathering (SIG) Questionnaire Tools
- Standardised Control Assessment (SCA) Procedure Tools
- Vendor Risk Management Maturity Model (VRMMM) Benchmark Tools
- Third Party Privacy Tools – NEW
The 2020 SIG has been streamlined and includes new automation that makes it easier for Outsourcers to manage SIGs and for service providers to respond to, export and share assessment responses.
The 2020 SCA works hand in hand with the SIG to efficiently conduct onsite or virtual assessments, with simplified reporting formats and an improved library of test procedures.
The 2020 VRMMM has more granular tracking capabilities and enhanced reporting dashboards to manage the metrics around your TPRM program.
The Third Party Privacy Tools, a new set of tools, grew out of the GDPR Toolkit to meet the requirements of various privacy regulations and frameworks, including CCPA.
2020 TPRM Toolkit Regulatory Mapping
The following ten mappings to Authority Documents are now included within the body of the SIG and can be used for creating questionnaires.
- FFIEC APPENDIX J – Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook – Appendix J: Strengthening the Resilience of Outsourced Technology Services, February 2015
- FFIEC CAT Tool – FFIEC Cybersecurity Assessment Tool (CAT), May 2017
- FFIEC MANAGEMENT HANDBOOK – FFIEC IT, IS & Outsourcing Examination Management Handbooks, November 2015
- GDPR – EU General Data Protection Regulation (GDPR), April 2016 (Effective May 2018)
- HIPAA – U.S. Department of Health and Human Services, Health Insurance Portability and Accountability Act (HIPAA) Simplification, March 2013
- ISO 2700X – International Standards Organization (ISO) 27001/27002, 2013
- NIST 800-53r4 – NIST 800-53r4 Security & Privacy Controls for Federal Information Systems and Organizations, January 2015
- NIST CSF 1.1 – National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), April 2018
- NYDFS 23 NYCRR 500 – New York State Department of Financial Services Cybersecurity Requirements for Financial Services Companies
- PCI 3.2.1 – Payment Card Industry (PCI) PCI DSS V.3.2.1, February 2018
For detailed information about the enhancements, content organisation and updates, and which industry and regulatory standards were included in the update to the 2020 Program Tools, click here.
To view key changes to the 2020 SIG, please see the formal Shared Assessments announcement.
“DVV Solutions are firmly committed to supporting the development of the Shared Assessments tooling, investing to not only become the first UK-based ‘Assessment Firm’ within the Shared Assessments Program but also taking a role as an active member of both UK and global steering committees, contributing to the ongoing enhancement of the SIG, SCA and Third-Party Privacy Tools. We look forward to helping our clients make the most of the value-add that integrating the 2020 TPRM Toolkit into their risk assurance programs can offer,” added O’Brien.
About The Shared Assessments Program
As the trusted source in third party risk, the member-driven Shared Assessments Program has been setting the standard in third party risk assessments since 2005. Shared Assessments Program members work together to build and disseminate best practices, building resources that give all third party risk management stakeholders a faster, more rigorous, more efficient means of conducting security, privacy and business resiliency control assessments. Learn more at www.sharedassessments.org.