Risk Rating Third Parties
SANTA FE, N.M., Oct. 12, 2017 /PRNewswire/ — The Shared Assessments Program today released another resource in its “Building Best Practices” series: Risk Rating Third Parties: Optimizing Risk Management Resources.
“It is essential that a pre-engagement risk rating be performed on every potential third party in order to determine appropriate levels of expectations for due diligence and ongoing assessment oversight,” states Shawn Malone, Founder & CEO, Security Diligence, LLC and Shared Assessments Best Practices Committee Chair.
When risk rating is based on pre-determined criteria, outsourcers can use it to identify actual versus perceived risk as it relates to specific risk areas, such as financial health, security controls and business resiliency. Standardized risk rating provides a documented and defensible approach to assigning assessment resources, while defining the level of oversight that needs to be applied to a particular third party provider.
Shared Assessments resources are developed by its members, who represent all verticals and risk management disciplines, for the benefit of the global risk management community. This paper presents best practices for third party risk rating and shows how risk managers can incorporate these practices into their program for greater efficiency and effectiveness. To be effective, risk rating must be based on defined risk tolerance criteria and aligned with the risk appetite statement of the outsourcer.
This type of objective risk rating can help avoid significant disruptions from a third party, such as operating performance degradation, direct financial cost, diversion or addition of resources and failure to support expected service delivery and/or risk management outcomes. The risk-based application of assessment methodology and formal process can set the stage for effective allocation of resources as the organization’s third party risk management program matures and expands.
You can read/download the full Risk Rating paper here.
About the Shared Assessments Program
As the trusted leader in third party risk assurance, the member-driven Shared Assessments Program has been setting the standard in third party risk assessments since 2005. Shared Assessments Program members work together to build and disseminate best practices, building resources that give all third party risk management stakeholders a faster, more rigorous, more efficient means of conducting security, privacy and business resiliency control assessments. For more information on Shared Assessments, please visit http://www.sharedassessments.org.
Jenny Burke, Senior Vice President of Communications & Marketing
View original content with multimedia: http://www.prnewswire.com/news-releases/risk-rating-third-parties-300535243.html
SOURCE The Santa Fe Group, Shared Assessments Program