November 2014 Newsletter

This Month's Focus:

Third Party Risk Certification

Certified Third Party Risk Professional Certification: What is is and why you need it.

For many companies, vendors are the weak link in the data security chain. And they're paying for it. Goodwill. AT&T. Lowe's. Target. Viator. These and other lesser known companies have experienced third party breaches of confidential customer and employee data. Nobody doubts the good intention of organizations when it comes to safeguarding sensitive information. But disseminated through a veritable ecosystem of third and fourth parties, data gets a lot harder to protect.

Managing risk in an outsourced economy takes special expertise. Risk professionals have to know and implement the necessary strategies, processes, and practices when evaluating and managing vendor risk and oversee the security of sensitive data after a vendor has access to it. The Certified Third Party Risk Professional (CTPRP) designation developed by the Shared Assessments Program is a new certification program that validates proficiencies in assessment, management, and remediation of third party risk issues. With this designation, risk professionals can help their organizations better manage vendor risk and reduce the likelihood of costly breaches, and receive professional credibility, recognition, and marketability.

The Certified Third Party Risk Professional (CTPRP) program will launch in January 2015. Individuals who pass the CTPRP examination and successfully comply with the requirements to earn and maintain the certification have a thorough working knowledge of third party risk management concepts and principles.

Click here to learn more on this subject.

ADDITIONAL INFORMATION

The following links provide additional information related to this months topic:

2015 Shared Assessments Summit

Join us for the 2015 Shared Assessments Summit

Four Seasons Hotel - Baltimore.

Schedule of Events

April 27: SIG 101 & AUP 101 Pre-Conference Workshop(s)

April 28: Effective Contracting & Consumer Protection & Regulatory Compliance Pre-Conference Workshop(s)

April 29: Shared Assessments Summit (full day session)

April 30: Shared Assessments Summit (morning session)

May 1: CTPRP Certification Workshop & Exam

Click here to learn more about the 2015 Shared Assessments Summit

Click here to learn more about the Pre-Conference Workshops.

The Shared Assessments Program is pleased to announce the launch of the Certified Third Party Risk Professional (CTPRP) program in January 2015. Individuals who pass the CTPRP examination and successfully comply with the requirements to earn and maintain the certification have a thorough working knowledge of third party risk management concepts and principles. More information and a formal announcement will be released in the near future. Registration, including Member and early bird discounts, will be provided soon.

Click here to learn more about the CTPRP.

Sponsorship Opportunities

Your organization is invited to participate as a sponsor/exhibitor at the Shared Assessments Summit 2015 and Pre-Conference Workshops on April 27-30, 2015, at the Four Seasons Hotel in Baltimore, Maryland. Now in its eighth year, the Shared Assessments Summit is the premier event for all stakeholders in the vendor risk assessment process from a range of industries including financial services, healthcare, telecommunications, energy and higher education.

Click here to view the sponsorship brochure.

To learn more about sponsorship opportunities, contact us at [email protected].

Members Only

To promote your upcoming speaking events here, please send details to Kelly Wagner, Project Manager, The Santa Fe Group.

ASK THE EXPERTS

Commonly asked questions asked and answered

Question:

Will I be eligible to participate in the Certified Third Party Risk Professional (CTPRP) program even if I am not a current member of the Shared Assessments Program?

Answer:

Yes. You do not need to be a Shared Assessments Member to earn the CTPRP. Those who will benefit from earning this certification include third party risk, procurement and compliance professionals, including business vendor managers, risk managers (vendor or operational), vendor IT security managers, IT auditors/assessors, IS auditors/professionals.

For more information on benefits of holding an individual membership, contact [email protected].

Click here to learn more about the CTPRP.

FEATURE ARTICLE

Third Party Risk Certification Critical to Managing Vendor Threats

By Robin Slade, EVP and COO, The Santa Fe Group

Goodwill Industries recently fell on bad times when a vendor's system was attacked by malware, giving criminals access to payment card information - names, payment cards, and expiration dates. This appears to be a sign of the times. Over the past year or so, several major retailers have experienced a breach in which a third party played a roll: Target, Viator, Lowes and AT&T.

MEMBERSHIP

Interested in becoming a Shared Assessments Member?

Shared Assessments would like to welcome our newest Members and Partners:

RESOURCES

OCC Guidance 2013-29

OCC BULLETIN 2014-41

PCI DSS AND PA-DSS VERSION 3.0

Download press release

Download standards

PCI DSS REQUIREMENT 12.8

Download press release

Download standards

Federal Reserve Guidance on Managing Outsourcing Risk

Download

ISO/IEC 27001:2013

Download

NIST: Framework for Improving Critical Infrastructure Cybersecurity

Download

Future Topic Suggestions

Do you have a topic you'd like to see covered in an upcoming newsletter or presented on a future monthly Member Forum call?

Send your ideas to Kelly Wagner, Project Manager for Shared Assessments.

Guest Bloggers

Interested in serving as a guest blogger on the Shared Assessments Authorities on Risk Assurance blog? Contact Kelly Wagner, Project Manager for Shared Assessments.

Read our Guest Blogger Guidelines

CONNECT