Sweeping Updates Speak to Rapidly Shifting Regulatory Landscape, DOJ Guidance, State Privacy Laws, GDPR and Expanded ESG Features Included in Toolkit
Shared Assessments, a consortium of corporations, IT service providers and assessment firms, has issued its 2022 Third-Party Risk Management (TPRM) toolkit, aimed at helping risk managers and consultants meet increased regulatory pressure in data governance and ESG.
An estimated 15,000 organizations, risk management programs, practitioners and consultants use Shared Assessments’ tools and research, and the organization’s annual updates help shape best practices in managing risks resulting from third-party vendors. Included among updates for 2022 are 1,600 newly integrated control points, including:
- NIST 800-53 (Rev.5) Security and Privacy Controls for Information Systems and Organizations
- DOJ June 2020 Guidance on Evaluation of Corporate Compliance Programs for publicly held U.S. companies
- Consensus Assessments Initiative Questionnaire (CAIQ) v3.1 (April 2020)
- CSA Cloud Controls Matrix (CCM) Version 4
- Industrial Automation and Control Systems Guidance IEC 62443 (2018)
- GDPR Guidance on Standard Contractual Clauses (SCCs) June 2021
- State Privacy Laws (CA, CO, VA)
In addition to updates that address rapid regulatory changes across the globe, the TPRM toolkit also includes several new features, with ESG updates across all tools:
- Standardized Information Gathering (SIG) Questionnaire Tools: The 2022 SIG Questionnaire allows organizations to build, customize, analyze and store questionnaires. A simplified user experience delivers vetted questions mapped to the most recent controls and regulatory guidance.
- Standardized Control Assessment (SCA) Procedure Tools: The SCA Procedures are standardized resources (tools, templates, checklists, guidelines) to plan, scope and perform third-party risk assessments. If the SIG is the “trust,” the SCA is the “verify.” The COVID-19 pandemic shifted risk management programs toward performing virtual assessments, elevating the SCA’s importance as the standard for improving efficiency, accuracy and quality in remote and onsite assessments.
- Vendor Risk Management Maturity Model (VRMMM) Benchmark Tools: A TPRM program assessment tool to assist organizations as they develop mature TPRM programs, the VRMMM allows third-party risk programs to benchmark themselves against a comprehensive set of best practices.
- Data Governance Tools: These have evolved to help meet increasing regulatory pressures across the world. They support business resilience to enhance Disaster Recovery and Business Continuity Plans, and provide insight into 4th/Nth party and cloud provider risk.
About the Shared Assessments Program
Shared Assessments has become the trusted source in third-party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through committees, awareness groups, interest groups and special projects. For more information, visit https://sharedassessments.org/ or https://www.sharedassessments.org/blog/2022-third-party-risk-management-toolkit/.