Third Party Risk Management - Consultancy, Assessment & Advisory

Shared Assessments Releases 2022 Third Party Risk Management Toolkit

Standardised Excellence To Meet Today’s Risk Environment

Shared Assessments 2022 Third Party Risk Management Toolkit

Shared Assessments has released the 2022 Third Party Risk Management Toolkit. The tools included in this update are:

The Toolkit functions as a framework for Third Party Risk Management (TPRM) allowing 15,000+ organisations worldwide to design and manage their programs with a high degree of assurance and efficiency through standardisation. The SIG is also incorporated into the products of 37 of the program’s third party risk software and GRC platform licensees.

How The Risk Management Toolkit Is Made

The 300+ member organisations bring diverse viewpoints into the creation of the tools including:

The toolkit was updated to keep up with regulatory changes, an evolving threat landscape and business requirements. Changes were also made to make it easier to create questionnaires and manage programs. While the tools can stand alone, we focused on aligning the entire suite of tools for 2022.

Third Party Risk Landscape 2022

Every year, the Shared Assessments TPRM Toolkit is updated to keep pace with the current risk environment.

2021 saw a major increase in ransomware, for example. Even if we do not record a single ransomware attack in the second half of 2021, this year will go down as the worst year yet for ransomware. Social engineering attacks, distributed denial-of-service (DDoS) attacks and state-sponsored cyberattacks are also on the rise. We are also seeing an increase in attacks on critical infrastructure, such as the Colonial Pipeline disruption.

New regulations call for organisations to evidence the completion of risk assessments and securely store these artifacts. With an industry-wide shift to virtual assessments during the pandemic, this documentation has become even more critical.

For organisations struggling to find a foothold amidst pandemic-induced challenges, protracted disruptions to supply chains and difficulty onboarding and assessing new vendors remain an issue. At the same time, cost pressure has prevented insourcing.

A remote workforce poses its own challenges: in a Work-From-Anywhere (WFA) environment, onboarding and training risk management personnel has become more difficult.

Economy-wide, pressure is growing to introduce environmental, social, and governance (ESG) measures across the extended enterprise. Third party risk management programs are being called upon to assist their organisations’ ESG efforts with their most critical suppliers and vendors.

As the face of third party risk changes, the Shared Assessments 2022 Third Party Risk Management Toolkit prepares risk practitioners and programs for a shifting reality.

Regulatory Updates

Shared Assessments updates tools to follow regulations, guidelines and standards for a wide range of industries. The 2022 Toolkit has integrated 1,600 Control Points from new guidelines, regulations, and frameworks including:

Updates for Environmental, Social, Governance (ESG)

Third party risk programs must increasingly gauge the ESG compliance of critical suppliers and vendors. In response, new features of the 2022 Toolkit include ESG updates among all SA Tools:

Standardised Information Gathering (SIG) Questionnaire Tools

Smarter and streamlined, the 2022 SIG Questionnaire allows organisations to build, customise, analyse and store questionnaires. A simplified user experience delivers vetted questions mapped to the most recent controls and regulatory guidance.

The SIG continues to provide standardisation and efficiency in performing third party risk assessments along with:

Standardised Control Assessment (SCA) Procedure Tools

The SCA Procedures are standardised resources (tools, templates, checklists, guidelines) that can be used to plan, scope, and perform third party risk assessments. The procedures provide a standardised and objective assessment workbook for assessors to verify vendor compliance with standardised control testing.

As the COVID pandemic shifted risk management programs towards performing virtual assessments, the SCA served as the standard for improving efficiency, accuracy and quality in remote assessments. Having helped many organisations migrate in-person assessments to virtual assessments, for 2022 the SCA has matured with:

Vendor Risk Management Maturity Model (VRMMM) Benchmark Tools

A TPRM Program Assessment Tool to assist organisations as they develop mature TPRM programs, the VRMMM allows Third Party Risk programs to benchmark themselves against a comprehensive set of best practices. The 2022 release of the VRMMM introduces a multidimensional program model, which explores 250 distinct program elements formed by 8 key structures and 6 key attributes a well-run third party risk management program will have.

The VRMMM supports both assessments of a vendor’s TPRM program and self-assessment of a company’s own TPRM program. This invaluable guidance is particularly helpful for practitioners new to risk management teams, and for organisations building a TPRM program.

The 2022 Toolkit features a sweeping refresh and reorganisation of VRMMM content reflecting global industry guidance around third party risk and modernisation of TPRM language. Other enhancements to the VRMMM in 2022 include:

Data Governance Tools

The Data Governance Tools are solutions for addressing specific data protection obligations (increasing worldwide) in third party risk. The tools enable collection and maintenance of data governance information required to address compliance for authorised data use by third and fourth parties by product, service, or system.

The 2022 Data Governance Tools include:

The Data Governance Tools have evolved for increasing regulatory pressure across the world and now:

Get The 2022 Third Party Risk Management Toolkit

To learn more about the Shared Assessments Program and TPRM Toolkit please contact

Sean O’Brien
Co-Chair Shared Assessments UK/EMEA Best Practice Committee
on +44 (0) 161 476 8700, or

Members can download the 2022 Toolkit here

Become involved with making the tools here.

Schedule a demo here.