Shared Assessments Data Governance

A highly recognized and configurable questionnaire used to assess third-party (vendor) risk across 19-21 domains (e.g., cybersecurity, privacy, data governance, business resiliency); available in Lite, Core, and Detail versions, and can be customized to specific needs.

A specialized version of the SIG focused on evaluating third parties' environmental, social, and governance (ESG) risks, with questions mapped to various ESG frameworks and attributes.

A set of standardized procedures used for performing on-site or virtual assessments to verify vendor compliance and validate their implemented controls, often used after the SIG.

A comprehensive framework and tool to evaluate the maturity of an organization's third-party risk management program, identify gaps, and provide a roadmap for continuous improvement, covering eight key categories.

A solution to consistently determine the inherent risk (risk before controls) posed by prospective third-party engagements, helping to scope due diligence and understand potential impacts.

Tools designed to address specific data protection obligations in third-party risk, helping to track and monitor the use and disclosure of personal data to third and fourth parties, covering various privacy regulations.

A professional credential validating knowledge, experience, and proficiency in the design, structure, and implementation of a comprehensive Third-Party Risk Management (TPRM) Program.

A professional credential validating expertise, decision-making, and proficiency in third-party risk and controls evaluation, specifically for those who perform assessments.

An entry-level training course providing foundational knowledge in Third-Party Risk Management for individuals with limited or no prior experience.

A certificate-based training that guides users on the organizational structure of the SIG and how to create truly custom questionnaires for vendor assessments.

Offers individuals and organizations the opportunity to join a community of over 600 entities, facilitating peer-to-peer connection, conversation, and collaboration to advance best practices.

Regular calls and events for members to discuss industry topics, emerging risks (like DORA's impact on TPRM), and share insights.

Provides live and on-demand demonstrations of their TPRM product family to showcase efficiency and effectiveness.

Members can join various committees (e.g., Financial Services, Emerging Technologies) to contribute to shaping industry standards and product development.

An exclusive platform "by members, for members" to explore solutions and resources.

Leverages AI capabilities to parse security documentation, auto-populate SIG assessments, and assist with inherent risk analysis and other TPRM workflows.

Their products' questions and controls are mapped to a wide range of industry standards, frameworks, and regulations (e.g., NIST, ISO, GDPR, CCPA, CPRA, DORA, NIS2, SOC 2).

Offers resources and products designed to support every stage of the Third-Party Risk Management lifecycle, from due diligence to ongoing monitoring.

Provides a collection of whitepapers, insights, blogs, playbooks, video galleries, webinars, and newsletters for continuous learning and updates.