Shared Assessments Program

Shared Assessments is a third party risk membership program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.

In 2006, six members of the financial services industry in conjunction with the Big 4 accounting firms, and key industry service providers set out to ease the risk assessment burden on both outsourcers and third parties. Their goal was to streamline the cumbersome evaluation process and create an industry standard. The result is the Shared Assessments Program. Today, the Shared Assessments Program helps members helps members to keep current with regulations, industry standards and guidelines as well as the current threat environment. 

Shared Assessments membership includes use of the Shared Assessments Program Tools. The Agreed Upon Procedures (AUP); Standardized Information Gathering (SIG) questionnaire and Vendor Risk Management Maturity Model (VRMMM), offers companies and their service providers a standardized way to assess IT controls for data security, privacy and business resiliency. Shared Assessments also administers a third party risk management certification program called the Certified Third Party Risk Professional (CTPRP). 

The Shared Assessments Program is managed by The Santa Fe Group, which is based in Santa Fe, New Mexico. 

See also: compliance audit