June 2014 Newsletter
This Month's Focus: 
Experts Weigh In on Third Party Risk

Risk professionals and regulators at the 7th Annual Shared Assessments Summit discussed the increased regulatory and industry focus on third party risk. 

Shared Assessments gathered another impressive set of risk professionals and regulators at the 7th Annual Shared Assessments Summit to address this year's theme, The Changing Landscape: Moving from Risk Management to Risk Assurance.


We asked industry experts speaking at our event to comment on risk management trends, best practices, and prevention strategies to manage the risks associated with third party service providers. Among the comments received included:


"The regulators have made it clear that from an ownership perspective there's virtually no distinction between first- and third party data risk. In that environment, market and supplier vigilance is no longer a luxury-it's a necessity."
-Atul Vashistha, founder and CEO, Neo Group


"The best way to prevent a data breach is to have a robust program to assess how your vendors are managing data risks. That's the only control you have."
-Catherine A. Allen, chairman and CEO, 
The Santa Fe Group.


"Continually assessing vendor program and related controls is one of the best ways to reduce uncertainty around managing third party risks."
-Mark Holladay, chief risk officer, Synovus Financial Corporation 


"The best risk management program within an organization means nothing if compliance is outsourced along with production. Risk management must extend to organizations' vendors to drive a full-fledged governance program."
-Kenneth P. Mortensen, Esq., attorney and counselor at law; privacy, cybersecurity, and governance counselor


Click here to read additional comments. 


Thank you to our 2014 Shared Assessments Summit Sponsors. We appreciate your support!




Hear from Shared Assessments Members at these upcoming events:
Shared Assessments Steering Committee Member, Rocco Grillo, Managing Director, Protivi:
  • MIS Audit Leadership Institute - August 18-22, 2014
    Boston, MA Learn more
  • PCI Community Meeting-  September 9-11, 2014 
    Lake Buena Vista, FL  Learn more
Members Only
To promote your upcoming speaking events here, please send detail to Kelly Wagner, Project Manager, The Santa Fe Group.
Commonly asked questions asked and answered


How do we know when it's best to use the SIG Lite vs. the full SIG?



There are several situations where the SIG Lite is frequently a company's best option, they include:

  1. Using the SIG Lite during vendor selection to obtain an initial assessment of their security and data privacy practices.
  2. Assessing lower risk vendors (those that do not have access to customer data or systems)
  3. When initially developing a third party risk program, the SIG Lite is a great way to become familiar with using vendor questionnaires moving up to the full SIG as your program becomes more mature, and you have a better ability to risk rank your vendors.


Vendors and service providers are top targets for data breach attacks;
experts suggest best practices to move from risk management to risk assurance. 

... Read more
Interested in Becoming a Shared Assessments Member?

Contact Julie Lebo, VP Member Relations, at
(703) 533-7256 or by Email
OCC Guidance 2013-29
Federal Reserve Guidance on Managing Outsourcing Risk
ISO/IEC 27001:2013
NIST: Framework for Improving Critical Infrastructure Cybersecurity

New! Now Available on Demand:


Vendor Risk Management Survey Results Webinar 

Shared Assessments Steering Committee Member Tom Garrubba, CVS Caremark, discusses the 2014 Vendor Risk Management Benchmark Survey results with experts from Shared Assessments and Protiviti. They reveal the maturity level of VRM programs across industries and company sizes and share insights and experiences.

Brad Keller, Senior Vice President and Program Director, Shared Assessments and Shared Assessments Steering Committee Member, Rocco Grillo, Managing Director, Protiviti, discuss How to Raise Your Companies VRM Maturity Level.
Podcast: Listen now

Future Topic Suggestions
Do you have a topic you'd like to see covered in an upcoming newsletter? 
Send your ideas to Kelly Wagner, Project Manager for Shared Assessments.
Career Opportunities
To learn more about possible career opportunities with The Santa Fe Group and Shared Assessments Program, send your inquires to jobs@santa-fe-group.com


Copyright � 2014. All Rights Reserved.