November 2014 Newsletter
This Month's Focus: 

Third Party Risk Certification 

Certified Third Party Risk Professional Certification: What is is and why you need it.

For many companies, vendors are the weak link in the data security chain. And they're paying for it. Goodwill. AT&T. Lowe's. Target. Viator. These and other lesser known companies have experienced third party breaches of confidential customer and employee data. Nobody doubts the good intention of organizations when it comes to safeguarding sensitive information. But disseminated through a veritable ecosystem of third and fourth parties, data gets a lot harder to protect.


Managing risk in an outsourced economy takes special expertise. Risk professionals have to know and implement the necessary strategies, processes, and practices when evaluating and managing vendor risk and oversee the security of sensitive data after a vendor has access to it. The Certified Third Party Risk Professional (CTPRP) designation developed by the Shared Assessments Program is a new certification program that validates proficiencies in assessment, management, and remediation of third party risk issues. With this designation, risk professionals can help their organizations better manage vendor risk and reduce the likelihood of costly breaches, and receive professional credibility, recognition, and marketability. 

Click here to learn more on this subject.
2015 Shared Assessments Summit

Join us for the 2015 Shared Assessments Summit 

Schedule of Events

April 27: SIG 101 & AUP 101 Pre-Conference Workshop(s)
April 28: Effective Contracting & Consumer Protection & Regulatory Compliance Pre-Conference Workshop(s)
April 29: Shared Assessments Summit (full day session)
April 30: Shared Assessments Summit (morning session)
May 1: CTPRP Certification Workshop & Exam

Click here to learn more about the 2015 Shared Assessments Summit

Click here to learn more about the Pre-Conference Workshops.

Click here to learn more about the CTPRP.

Sponsorship Opportunities

Your organization is invited to participate as a sponsor/exhibitor at the Shared Assessments Summit 2015 and Pre-Conference Workshops on April 27-30, 2015, at the Four Seasons Hotel in Baltimore, Maryland. Now in its eighth year, the Shared Assessments Summit is the premier event for all stakeholders in the vendor risk assessment process from a range of industries including financial services, healthcare, telecommunications, energy and higher education. 


Click here to view the sponsorship brochure.

To learn more about sponsorship opportunities, contact us at

Members Only
To promote your upcoming speaking events here, please send details to Kelly Wagner, Project Manager, The Santa Fe Group.
Commonly asked questions asked and answered


Will I be eligible to participate in the Certified Third Party Risk Professional (CTPRP) program even if I am not a current member of the Shared Assessments Program?


Yes. You do not need to be a Shared Assessments Member to earn the CTPRP. Those who will benefit from earning this certification include third party risk, procurement and compliance professionals, including business vendor managers, risk managers (vendor or operational), vendor IT security managers, IT auditors/assessors, IS auditors/professionals.

For more information on benefits of holding an individual membership, contact


Click here to learn more about the CTPRP.



Third Party Risk Certification Critical to Managing Vendor Threats

By Robin Slade, EVP and COO, The Santa Fe Group

Goodwill Industries recently fell on bad times when a vendor's system was attacked by malware, giving criminals access to payment card information - names, payment cards, and expiration dates. This appears to be a sign of the times.  Over the past year or so, several major retailers have experienced a breach in which a third party played a roll: Target, Viator,  Lowes and AT&T.

... Read more

Interested in becoming a Shared Assessments Member?

Contact us by Email
Shared Assessments would like to welcome our newest Members and Partners:
OCC Guidance 2013-29
Federal Reserve Guidance on Managing Outsourcing Risk
ISO/IEC 27001:2013
NIST: Framework for Improving Critical Infrastructure Cybersecurity
Future Topic Suggestions
Do you have a topic you'd like to see covered in an upcoming newsletter or presented on a future monthly Member Forum call? 
Send your ideas to Kelly Wagner, Project Manager for Shared Assessments.
Guest Bloggers
Interested in serving as a guest blogger on the Shared Assessments Authorities on Risk Assurance blog? Contact  Kelly Wagner, Project Manager for Shared Assessments.

Copyright � 2014. All Rights Reserved.