Shared Assessment Committees Update
©2012 The Shared Assessments Program. All Rights Reserved.
Proposed Changes to the Shared Assessments Committee Structure
Technical Development Committee. Renamed Development Committee to reflect broader scope of work. Retain same responsibility for Program Tools and Special Projects
Education Committee. Focus on educational and training needs of the Program
Communications Committee. Focus on industry awareness, marketing and general Program outreach
All three to report to Steering Committee with SFG support
  Development Committee – Brad Keller
  Education & Communications Committees – Robin Slade
Development Committee Agenda for 2012
SIG Working Group
  Consider development of a mid-level SIG, and/or “beefed up” SIG Lite
  Determine additional regulatory mapping needs for SIG and re-map tabs to new and existing regulations
  Evaluate the existence of any gaps in coverage and develop questions for those areas
AUP Working Group
  The development of a “baseline” AUP (similar to the SIG Lite)
  Determining if any gaps exist in the risk controls currently covered
  Reinforce the AUP as the “partner” document to the SIG – its role is to verify the controls identified in the SIG
  Where the AUP fits relative to other control assessments – SSAE16, SOC 2
Cloud and Mobile Security Working Group
  The Group will continue to expand on last year's Cloud controls to further examine Cloud Service models
    Software as a Service (SaaS)
    Infrastructure as a Service (IaaS)
    Platform as a Service (PaaS)
  There will also be a new focus on mobile end-user access models, including the evaluation of the growing trend of workers accessing business data from personal devices
    Device ownership issues (BYOD, etc.)
    Data ownership issues
White Papers/Projects
  Vendor maturity model – development of a maturity model for vendor risk management that establishes the components of a successful program from inception to full maturity
  Shared Assessments ROI – develop a reusable cross-industry model for making a high-level determination of the benefits obtained from using the Shared Assessments Program Tools
  Benchmarking – consider the development of benchmarking criteria to assist in the evaluation and tracking of vendor risks
Communications Committee
Vision Statement: To communicate the Shared Assessments Program as “the trusted source” for vendor risk management best practices, which includes tools benchmarked to compliance standards across industries.
Mission: To broaden the understanding of the value of the Shared Assessments Program through improved marketing, communications, presentations and networking opportunities.
Communications Committee Agenda for 2012
Promote the Shared Assessments Program via the following methods:
  Improve branding to ensure alignment of our vision, “to be the trusted source for vendor risk management.”
  Clearly defining and communicating the value of the tools
    Benefits of following a standardized approach in order to minimize cost and maximize efficiency of vendor risk assessments
    The most comprehensive assessment of technology-related vendor risk
  Promote the benefits of membership including participation in program working groups and project activities
  Broaden marketing communications messaging through white papers and presentations
  Building visibility with other organizations and developing alliances to increase awareness of the Program
  Develop a communications strategy to increase awareness (US and International), and utilize social media
  Improve search engine optimization (SEO)
Education Committee
Vision Statement: For the Shared Assessments Program to become “the trusted source” for education and training relating to vendor risk management.
Mission: To provide education and training to inform organizations within the verticals we serve on practical and proven approaches to manage vendor risk.
Education Committee Agenda for 2012
Promote the Shared Assessments Program via the following methods:
  Develop “buddy system” to match new members with a member mentor/buddy within their respective industry to help engage and educate on the benefits of the SA Program.
  In-person educational events
  Develop presentations on the benefits of the Shared Assessments Program
  Develop and implement video demonstrations of Shared Assessments Tools
  Develop curriculum and identify topics/speakers for the Member Forum monthly conference calls
  Develop and deliver periodic webinar/conference call events:
    Monthly/quarterly “Lunch ‘N Learn” (LNL) sessions
  Enhance the Shared Assessments Website to include online education and training
  Develop and implement a quarterly Newsletter on vendor risk assessment trends
  Develop and update guides and manuals for Program Tools in partnership with the Development Committee
To participate in any of the Shared Assessments Committees, contact:
Kelly Wagner, Project Manager