SANTA FE, N.M., Oct. 09, 2018 (GLOBE NEWSWIRE) -- The Shared Assessments Program, the trusted consortium for third-party risk management, has released its latest risk management guidance, Innovations in Third Party Continuous Monitoring, the newest update to the global multi-vendor organization’s “Building Best Practices” series. The series is provided as a free industry resource to security and IT professionals worldwide to drive risk management among digital ecosystem partners.
Third party IT security risks can cause millions of dollars in damages; recent analyst findings confirm that third party involvement was the top contributing factor that led to an increase in the cost of a data breach in 2017. Effective application of the “Observe-Orient-Decide-Act” (OODA Loop) decision cycle principals offered in “Innovations in Third Party Continuous Monitoring” specifically lets organizations improve situational awareness, increase risk management program ROI, and reduce compliance costs.
It helps organizational leaders:
- Assess their organization’s “risk appetite” and strategically plan accordingly;
- Prioritize availability of highly experienced analysts who have the ability to recognize a threat and act accordingly; and
- Ensure the availability of a set of predefined actions – also known as a “playbook” – for specific types of threats to help guide less experienced analysts, and provide more experienced analysts with a policy framework for documenting actions.
It helps risk management practitioners immediately identify:
- A third party’s ability to support the outsourcer’s requirements for regulatory compliance; and
- Changes in the third party’s processes, personnel and/or technology that could potentially inhibit their execution of key risk management processes.
“While using third parties can benefit corporate strategy, third parties can also increase both the firm’s operational risk and the costs associated with effectively managing that risk,” said Caree Wagner, Managing Director, Corporate Operational Risk Management – Third Party Operational Risk at BNY Mellon; Continuous Monitoring Working Group Co-Chair and contributor to the third party risk management paper. ”The traditional, static risk assessment process is expensive to execute and may not identify emerging risks until it’s too late. This paper aims to outline how complementing traditional risk assessment processes with a continuous monitoring program can provide more real-time opportunities to identify and mitigate third party risk.”
Catherine A. Allen, Chairman and CEO of the Santa Fe Group, managing agent for Shared Assessments, said: “Today’s interdependent digital ecosystems and rapidly evolving legislative and regulatory environments demand that organizations continuously ensure the risk and compliance posture of digital ecosystem partners. This latest addition to the “Building Best Practices” series gives senior executives the strategic guidance they need to ensure optimal risk management practices are adopted across their organizations, and gives practitioners the actionable insight they need to succeed.”
“Innovations in Third Party Continuous Monitoring” may be downloaded here.
The Shared Assessments Program’s hundreds of member organizations (including several Global 1000 leaders) manage third party risks through best practices, shared intelligence, education and training, and advanced, highly effective technology tools. As the recognized leader in third-party risk management, Shared Assessments’ resources are member-driven and uniquely industry-informed, and are current with the regulatory and threat environment.
About the Shared Assessments Program
As the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market for more than a decade, the Shared Assessments Program has become the trusted source in third party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through committees, awareness groups, interest groups and special projects. Join the dialog with peer companies and learn how you can optimize your compliance programs while building a better understanding of what it takes to create a more risk sensitive environment in your organization.