"The SIG and the AUP are straight forward. When implemented correctly these two artifacts together are consistent with FFIEC guidance for third-party vendor security assessments." "We are leveraging the Program to help clients implement a comprehensive Vendor Management Program."

—Ken Peterson, Founder and CEO of Churchill & Harriman

It's all about … RISK

Each company's risk tolerance is as individual as a fingerprint. What is mission-critical to one organization may be less important to another. But regardless of risk appetite, today's complex reporting and compliance environment requires:

• a focused and thorough articulation of exposures and tolerances, grounded on a rigorous inspection of suppliers' controls, and
• a standard measurement of our risk position over time.

Evaluating our internal risks is a complex task—one further complicated by the growing practice of outsourcing key functionalities to third parties. And while processes can be outsourced, the risks associated with their execution cannot. Every organization that outsources to third parties must establish a rigorous and reliable approach to evaluating their outsourcing risks.

The Need for Shared Assessments

The Shared Assessments Program streamlines this labor intensive and costly process and provides an industry sanctioned, cost effective approach to understanding supplier controls. This program reflects ongoing industry collaboration to establish 'best practices' for evaluating and reporting risk from third-party processors. In addition, it provides benefits to outsourcers by allowing them to document their control stance in a consistent, reliable, re-usable format: one that is proven to be acceptable by clients of outsourcers.