This Month's Focus:
2014 Vendor Risk Management Benchmark Study
Shared Assessments Survey Reveals Gaps in Third-Party Risk Management Practices
A recent benchmarking survey by Shared Assessments and global consulting firm Protiviti on the state of organizations' third party vendor risk management programs revealed the need for improvements in the components of most companies' third party risk programs. The top findings of the 2014 Vendor Risk Management Benchmark Study reveal that current third party risk management practices across industries, especially in insurance and healthcare, are vulnerable and lacking in governance, policies, standards, and procedures; improvement is needed. The study is available for download at
Other key findings: while financial services programs outperform other industries, vendor assessment procedures are lackluster, and staff tend to be undertrained and lacking in necessary resources.
Third party risks are top of mind. We already know that outsourcing and partnering with third party vendors greatly increase organizations' data and security risks and vulnerabilities. The challenge for organizations is how to manage data, privacy and security risks when the risks for these issues lie outside of their immediate control.
To learn more, read the article A Look at the Maturity of Vendor Risk Management.
ADDITIONAL INFORMATION
Current Shared Assessments Press Releases
Listen to the Podcast
Register for June 3, 2014 Webinar
Join us on Tuesday, June 3 at 1pm ET/10am PT, for our Vendor Risk Management Benchmark Survey results discussion with experts from Shared Assessments and Protiviti. They will reveal the maturity level of VRM programs across industries and company sizes. Learn more and register
The Shared Assessments Vendor Risk Management Maturity Model (VRMMM) 2014
Using governance as the foundational element, the Vendor Risk Management Maturity Model (VRMMM) identifies the framework elements critical to a successful program. High-level components are broken down into subcomponents in a manner that makes the model adaptable across a wide spectrum of industry groups.
The VRMMM is free to members and for purchase to non-members. To learn more about the VRMMM visit https://sharedassessments.org/products/vrmmm2014/
SHARED ASSESSMENTS PROGRAM & MEMBER SPOTLIGHT
Hear from Shared Assessments Members at these upcoming events:
Shared Assessments Program Director Brad Keller:
- Mortgage Bankers Association - June 5, 2014
Dallas, TX Learn more
Shared Assessments Steering Committee Member, Rocco Grillo, Managing Director, Protiviti:
- MIS Audit Leadership Institute - August 18-22, 2014
Boston, MA Learn more
- PCI Community Meeting - September 9-11, 2014
Shared Assessments Program Vice-Chair, Jonathan Dambrot, Managing Director, Prevalent:
Members Only
To highlight your upcoming events here, send your upcoming events to Kelly Wagner, Project Manager, The Santa Fe Group at [email protected].
ASK THE EXPERTS
Commonly asked questions asked and answered
Question: My team is in the process of refining our company's third party risk management program. Where should I focus most of my resources? Compliance? Assessment?
Answer: A difficult question to answer without knowing more about the industry you are in and your company's appetite for risk in general. However, a good place to start is the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). The VRMMM takes a best practices approach by first identifying the eight major areas of a third party risk program. Those eight areas are then broken down into various components and sub-components, each of which may be adjusted to reflect your company's appetite for risk. It is important to note that each area of the VRMMM should be addressed in order by first laying the foundation necessary for a good program (i.e., governance, then policies/procedures, etc.) before moving on to other areas. I would also advise that before you begin your effort you also use the VRMMM to evaluate the maturity of your current program. This will allow you to better identify the areas for improvement, and track your program's development over time.
A Look at the Maturity of Vendor Risk Management
By Brad Keller, SVP and Program Director, The Santa Fe Group and Rocco Grillo, Managing Director, Protiviti.
As the volume of outsourced products and services has surged in recent years, so, too, have the risks associated with vendors and third party providers. This is occurring in highly regulated industries such as financial services and healthcare; in media and retail, as seen in recent news; as well as in any organization that is relying on third party vendors to manage operations and processes. ... Read more
Interested in Becoming a Shared Assessments Member?
Contact Julie Lebo, VP Member Relations, at (703) 533-7256 or by Email
Federal Reserve Guidance on Managing Outsourcing Risk
NIST: Framework for Improving Critical Infrastructure Cybersecurity
PCI 3.0 Presentation on Demand
Watch Shared Assessments Program Director, Brad Keller, The Santa Fe Group, Shared Assessments Vice-Chair, Jonathan Dambrot, Prevalent Networks, and Santa Fe Group Senior Consultant, Gary Roboff, discuss the PCI 3.0 changes and what they mean for retailers and providers.
Future Topic Suggestions
Do you have a topic you'd like to see covered in an upcoming newsletter?
Send your ideas to Kelly Wagner, Project Manager for Shared Assessments