Tuesday, November 10th from 12:00 pm to 1:00 pm EST
Hackers are now using third parties as an entry point to access an outsourcer’s sensitive data, increasing regulatory scrutiny and reputational risk. Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations.
New regulations, technologies, standards, and security threats require organizations to implement robust vendor oversight to meet and stay ahead of the latest risks and challenges from new payment methods and systems, data breaches, and cyber attacks. However, the service provider control evaluation process has long been inefficient and costly. Each outsourcing organization produces and distributes its own proprietary questionnaire to each of its service providers. Service providers strain their resources to respond to diverse client information requests. Inconsistencies from questionnaire-to-questionnaire cause delays for all parties. Time and resource intensive onsite visits further burden both the outsourcer and the service provider.
Leveraging the Shared Assessments Agreed Upon Procedures (AUP), the testing procedures for the Shared Assessments Program, as the common risk assessment methodology, the largest U.S. based financial institutions are collaborating to conduct “shared” assessments of key service providers who provide common services. By treating third-party risk management as a collaborative issue, not a competitive issue, it is paving the way for new, cross-industry best practices, increased efficiencies and cost savings for the industry.
This session will provide a case study to review the workflow developed by the Shared Assessments financial institution members, the robust methodology created, the collaborative assessments performed to date, and how we’re now prepared to move this program to global financial services organizations.