Shared Assessment Committees Update ©2012 The Shared Assessments Program. All Rights Reserved.

Proposed Changes to the Shared Assessments Committee Structure

- Technical Development Committee. Renamed Development Committee to reflect broader scope of work. Retain same responsibility for Program Tools and Special Projects
- Education Committee. Focus on educational and training needs of the Program
- Communications Committee. Focus on industry awareness, marketing and general Program outreach
- All three to report to Steering Committee with SFG support
  - Development Committee – Brad Keller
  - Education & Communications Committees – Robin Slade

Development Committee Agenda for 2012

SIG Working Group

- Consider development of a mid-level SIG, and/or “beefed up” SIG Lite
- Determine additional regulatory mapping needs for SIG and re-map tabs to new and existing regulations
- Evaluate the existence of any gaps in coverage and develop questions for those areas

AUP Working Group

- The development of a “baseline” AUP (similar to the SIG Lite)
- Determining if any gaps exist in the risk controls currently covered
- Reinforce the AUP as the “partner” document to the SIG – its role is to verify the controls identified in the SIG
- Where the AUP fits relative to other control assessments – SSAE16, SOC 2

Development Committee Agenda for 2012

Cloud and Mobile Security Working Group

- The Group will continue to expand on last year's Cloud controls to further examine Cloud Service models
  - Software as a Service (SaaS)
  - Infrastructure as a Service (IaaS)
  - Platform as a Service (PaaS)
- There will also be a new focus on mobile end-user access models, including the evaluation of the growing trend of workers accessing business data from personal devices
  - Device ownership issues (BYOD, etc.)
  - Data ownership issues

Development Committee Agenda for 2012

White Papers/Projects

- Vendor maturity model – development of a maturity model for vendor risk management that establishes the components of a successful program from inception to full maturity
- Shared Assessment ROI – develop a reusable cross-industry model for making a high-level determination of the benefits obtained from using the Shared Assessments Program Tools
- Benchmarking – consider the development of benchmarking criteria to assist in the evaluation and tracking of vendor risks

Communications Committee

Vision Statement: To communicate the Shared Assessments Program as “the trusted source” for vendor risk management best practices, which includes tools benchmarked to compliance standards across industries.

Mission: To broaden the understanding of the value of the Shared Assessments Program through improved marketing, communications, presentations and networking opportunities.

Communications Committee Agenda for 2012

Promote the Shared Assessments Program via the following methods:

- Improve branding to ensure alignment of our vision, “to be the trusted source for vendor risk management.”
- Clearly defining and communicating the value of the tools
  - Benefits of following a standardized approach in order to minimize cost and maximize efficiency of vendor risk assessments
  - The most comprehensive assessment of technology-related vendor risk
- Promote the benefits of membership including participation in program working groups and project activities
- Broaden marketing communications messaging through white papers and presentations
- Building visibility with other organizations and developing alliances to increase awareness of the Program
- Develop a communications strategy to increase awareness (US and International), and utilize social media
- Improve search engine optimization (SEO)

Education Committee

Vision Statement: For the Shared Assessments Program to become “the trusted source” for education and training relating to vendor risk management.

Mission: To provide education and training to inform organizations within the verticals we serve on practical and proven approaches to manage vendor risk.

Education Committee Agenda for 2012

Promote the Shared Assessments Program via the following methods:

- Develop a “buddy system” to match new members with a member mentor/buddy within their respective industry to help engage and educate on the benefits of the SA Program.
- In-person educational events
- Develop presentations on the benefits of the Shared Assessments Program
- Develop and implement video demonstrations of Shared Assessments Tools
- Develop curriculum and identify topics/speakers for the Member Forum monthly conference calls
- Develop and deliver periodic webinar/conference call events:
  - Monthly/quarterly “Lunch ‘N Learn” (LNL) sessions
- Enhance the Shared Assessments Website to include online education and training
- Develop and implement a quarterly Newsletter on vendor risk assessment trends
- Develop and update guides and manuals for Program Tools in partnership with the Development Committee

To participate in any of the Shared Assessments Committees, contact:

Kelly Wagner
Project Manager

[email protected]