Overview w Privacy - Shared Assessments

Shared Assessment Committees Update
©2012 The Shared Assessments Program. All Rights Reserved.
Proposed Changes to the Shared Assessments Committee Structure
• Technical Development Committee. Renamed Development Committee to reflect broader scope of work. Retain same responsibility for Program Tools and Special Projects
• Education Committee. Focus on educational and training needs of the Program
• Communications Committee. Focus on industry awareness, marketing and general Program outreach
• All three to report to Steering Committee with SFG support
  • Development Committee – Brad Keller
  • Education & Communications Committees – Robin Slade
Development Committee Agenda for 2012
• SIG Working Group
  • Consider development of a mid-level SIG, and/or “beefed up” SIG Lite
  • Determine additional regulatory mapping needs for SIG and re-map tabs to new and existing regulations
  • Evaluate the existence of any gaps in coverage and develop questions for those areas
• AUP Working Group
  • The development of a “baseline” AUP (similar to the SIG Lite)
  • Determining if any gaps exist in the risk controls currently covered
  • Reinforce the AUP as the “partner” document to the SIG – its role is to verify the controls identified in the SIG
  • Where the AUP fits relative to other control assessments – SSAE16, SOC 2
Development Committee Agenda for 2012
• Cloud and Mobile Security Working Group
  • The Group will continue to expand on last year's Cloud controls to further examine Cloud Service models
    • Software as a Service (SaaS)
    • Infrastructure as a Service (IaaS)
    • Platform as a Service (PaaS)
  • There will also be a new focus on mobile end-user access models, including the evaluation of the growing trend of workers accessing business data from personal devices
    • Device ownership issues (BYOD, etc.)
    • Data ownership issues
Development Committee Agenda for 2012
• White Papers/Projects
  • Vendor maturity model – development of a maturity model for vendor risk management that establishes the components of a successful program from inception to full maturity
  • Shared Assessments ROI – develop a reusable cross-industry model for making a high-level determination of the benefits obtained from using the Shared Assessments Program Tools
  • Benchmarking – consider the development of benchmarking criteria to assist in the evaluation and tracking of vendor risks
Communications Committee
• Vision Statement:
  • To communicate the Shared Assessments Program as “the trusted source” for vendor risk management best practices, which includes tools benchmarked to compliance standards across industries.
• Mission:
  • To broaden the understanding of the value of the Shared Assessments Program through improved marketing, communications, presentations and networking opportunities.
Communications Committee Agenda for 2012
• Promote the Shared Assessments Program via the following methods:
  • Improve branding to ensure alignment of our vision, “to be the trusted source for vendor risk management.”
  • Clearly defining and communicating the value of the tools
    • Benefits of following a standardized approach in order to minimize cost and maximize efficiency of vendor risk assessments
    • The most comprehensive assessment of technology-related vendor risk
  • Promote the benefits of membership including participation in program working groups and project activities
  • Broaden marketing communications messaging through white papers and presentations
  • Building visibility with other organizations and developing alliances to increase awareness of the Program
  • Develop a communications strategy to increase awareness (US and International), and utilize social media
  • Improve search engine optimization (SEO)
Education Committee
• Vision Statement:
  • For the Shared Assessments Program to become “the trusted source” for education and training relating to vendor risk management.
• Mission:
  • To provide education and training to inform organizations within the verticals we serve on practical and proven approaches to manage vendor risk.
Education Committee Agenda for 2012
• Promote the Shared Assessments Program via the following methods:
  • Develop “buddy system” to match new members with a member mentor/buddy within their respective industry to help engage and educate on the benefits of the SA Program.
  • In-person educational events
  • Develop presentations on the benefits of the Shared Assessments Program
  • Develop and implement video demonstrations of Shared Assessments Tools
  • Develop curriculum and identify topics/speakers for the Member Forum monthly conference calls
  • Develop and deliver periodic webinar/conference call events:
    • Monthly/quarterly “Lunch ‘N Learn” (LNL) sessions
  • Enhance the Shared Assessments Website to include online education and training
  • Develop and implement a quarterly Newsletter on vendor risk assessment trends
  • Develop and update guides and manuals for Program Tools in partnership with the Development Committee
To participate in any of the Shared Assessments Committees, contact:
Kelly Wagner
Project Manager
618-692-6569
kelly@santa-fe-group.com