Shared Assessments Program

Shared Assessments is a third party risk membership program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.

Download this free guide

6 Steps for Effective Information Security Assessments

Assess your organization’s security risks with this checklist. Expert Kevin Beaver explains the 6 key components of the process.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

In 2006, six members of the financial services industry in conjunction with the Big 4 accounting firms, and key industry service providers set out to ease the risk assessment burden on both outsourcers and third parties. Their goal was to streamline the cumbersome evaluation process and create an industry standard. The result is the Shared Assessments Program. Today, the Shared Assessments Program helps members helps members to keep current with regulations, industry standards and guidelines as well as the current threat environment. 

Shared Assessments membership includes use of the Shared Assessments Program Tools. The Agreed Upon Procedures (AUP); Standardized Information Gathering (SIG) questionnaire and Vendor Risk Management Maturity Model (VRMMM), offers companies and their service providers a standardized way to assess IT controls for data security, privacy and business resiliency. Shared Assessments also administers a third party risk management certification program called the Certified Third Party Risk Professional (CTPRP). 

The Shared Assessments Program is managed by The Santa Fe Group, which is based in Santa Fe, New Mexico. 

See also: compliance audit