The acquisition will enable Shared Assessments to further scale the availability and adoption of the SIG to become the de facto third-party risk standard globally. Shared Assessments, including the Standardized Information Gathering Questionnaire (SIG), Shared Assessments Summit, and Shared Assessments certifications, plan to continue operating as an open and vendor-neutral industry organization.
Register for the Webinar: OneTrust to Acquire Shared Assessments: Fueling the Global Demand for Third-Party Risk Standardization
Shared Assessments SIG as the Ubiquitous Third-Party Risk Standard
The case for global third-party risk standardization is clear. According to Forrester1, “The number of third parties requiring vetting, monitoring, and mitigation far exceed the capacity of most TPRM teams, so they only focus on those considered ‘critical.’” These issues are multiplied by each risk assessment questionnaire having an average of 200 questions.
Recent events have also exacerbated the challenges of managing third-party risk. COVID-19 spurred a decade’s worth of digital transformation to happen seemingly overnight as companies rapidly adopted cloud applications, networking, and security vendors. Solar Winds exposed the challenges enterprises face while understanding and responding to major hacks, and the invalidation of the EU-US Privacy Shield (Schrems II) is forcing organizations to reevaluate thousands of third-party data transfers.
The Shared Assessments SIG is one of the most widely adopted third-party risk standards today, and is positioned to be the ubiquitous global standard to solve these critical third-party risk challenges. The SIG is already used by more than 15,000 companies globally, and with the support and scale of OneTrust, Shared Assessments can advance the SIG’s adoption internationally in critical areas, including:
- Global reach: Make the SIG globally available in languages around the globe
- International alignment: Align the SIG more deeply with international frameworks
- Real-time updates: Adapt the SIG in real-time based on industry news and events (e.g. COVID, Schrems II)
- Adjacent risk domains: Advance the SIG adoption across multiple risk areas, including ESG
- Technology enhancements: Build a technology platform to make it easier for organizations to adopt and apply the SIG in their programs
As a part of OneTrust, Shared Assessments will have the capital and global reach it needs to grow the SIG and scale it into the de facto international third-party risk standard.
Commitment to Shared Assessments’ Vendor-Neutral Integrity
Shared Assessments is tackling challenges that far outreach the scope of one vendor, industry, or technology platform. Managing third-party risk with custom standards and frameworks on a per-vendor or per-organization basis is unscalable. In a world where organizations are responsible for not just their third parties, but fourth and fifth parties as well, standardization is the solution.
Shared Assessment’s key differentiator as the global standard for third-party risk lies in the organization’s work with vendors, licensees, and members across the industry. As a part of OneTrust, Shared Assessments will maintain its position as a global membership organization. Shared Assessments plans to review and update its policies and procedures to be in line with member and licensee expectations and continue collaborating in a neutral way with multiple tech vendors and industry partners.
OneTrust is committed to preserving Shared Assessments’ position as a respected industry organization. This integrity is vital for Shared Assessments to deliver on its goal to become the ubiquitous global standard for third-party risk. Shared Assessments will continue to build its programs, partnerships, and standards supported by its steering committees, advisory boards, licensee partnerships, and member agreements.
Growing the Summit, Certification, and Third-Party Risk Management Community
Shared Assessments will see continued growth and investment in the third-party risk management community. The Shared Assessments Summit flagship third-party risk event recently wrapped up a successful spring virtual conference. The Summit will continue to be among the most widely attended industry events for third-party risk with a diverse group of vendors, consultants, and industry organizations participating and sponsoring the Summit.
The Shared Assessments certification program will also see investment and growth. The accredited Certified Third Party Risk Professional (CTPRP) and Certified Third Party Risk Assessor (CTPRA) will continue to be offered live and on-demand for professionals seeking credibility, recognition, and marketability in third party risk. OneTrust and Shared Assessments will also look into ways to expand the CTPRP and CTPRA to be more accessible to third-party risk professionals around the world.
Shared Assessments will also continue to deliver its popular toolkits, research, and resources for its member community and the third-party risk industry at large. As a part of OneTrust, these resources can be translated and delivered worldwide to increase the global adoption of third-party risk best practices.
Industry Support for OneTrust Plans to Acquire Shared Assessments
“The third-party risk industry is in need of more collaboration to drive innovation and this announcement represents a bold move in that direction,” said Nick Sorensen, CEO of Whistic. “Reliance on standards like the SIG makes establishing trust and transparency easier for both buyers and sellers in the Whistic ecosystem and across the industry in general. As a long-time Shared Assessment Member and Licensee, I’m confident that this acquisition will help accelerate this trend and benefit all of us.”
“With the rise of business disruptions has come greater recognition of the critical role TPRM professionals play ensuring enterprise resilience,” said Atul Vashistha, Founder & CEO, Supply Wisdom. “While OneTrust has led the market with risk management technologies, Shared Assessment has engaged with risk professionals to advance their goal of common standards and practices for greater efficiency in third-party risk. Their union will accelerate these efforts towards global standards and approaches. As supporters of Shared Assessments’ efforts since its founding, the Supply Wisdom team is very excited for what this will bring to both our clients and the profession. For our clients, it will reduce risk management friction and enable leading practices benchmarking. For risk professionals, it will make it easier to accelerate greater adoption of automation from risk detection to risk actions automation.”
“The planned acquisition by OneTrust marks an important milestone for Shared Assessments and the member companies and organizations employing industry-standard resources to ensure third party risk management initiatives and efficiencies,” said Rocco Grillo, Managing Director, Global Cyber Risk Services, Alvarez & Marsal and a Shared Assessments Steering Committee member. “As the industry emerges into the post-COVID world, and embraces digital transformation growth, along with reliance on third-party providers, managing current and future risks born of new technologies is mission critical for companies. Shared Assessments will be well positioned to meet the third-party risk management community’s evolving cyber-attack resilience and compliance needs and to advance new solutions in response to emerging demands on a global scale.”
“Data privacy regulations are increasingly focused on data governance and disclosures to third parties,” said Linnea Solem, CEO, Solem Risk Partners. “This collaboration will strengthen the resources available to the industry to address that intersection and drive efficiency in assessing obligations beyond simply data security.”
“The Shared Assessment and OneTrust partnership will transform third-party risk governance and will be a game-changer in the global marketplace and the industry,” said Alpa Inamdar, Global Head of Third Party Governance Advisory, BNY Mellon.
“As long-time supporters of Shared Assessments we support any initiative to drive standardization of the SIG and accelerate growth in the third-party risk space,” said Brenda Ferraro, VP of Third-Party Risk at Prevalent.
Statements from Shared Assessments and OneTrust CEOs
“We are very excited about this strategic partnership and planned acquisition by OneTrust. Shared Assessments will have a unique opportunity to continue the vendor-neutral, thought leadership role we play in the third-party risk community, now with increased investment and global reach,” said Catherine A. Allen, Shared Assessments founder and interim CEO. “We’ll have more resources to help us more quickly drive standards in the industry, grow internationally, and provide more industry education and events. We’re excited to be a part of OneTrust and Kabir Barday’s culture of integrity and respect for the individual, which fits with our team and culture. Our joint vision of collaborative efforts within the industry will benefit third party risk management as a whole, and enable Shared Assessments to stay at the forefront of the industry and global adoption of standardization.”
“We believe standardization is the future of the third-party risk management market,” said Kabir Barday, CEO, OneTrust. “The Shared Assessments SIG is already one of the most widely used standards in the world, and together we can further invest in the SIG’s technology, global reach, and adoption so we can make it the ubiquitous global standard. We also recognize it is critical Shared Assessments continues to operate with a wide variety of industry players and is guided by their standards board and advisory committees. We are excited for the continued investment in Shared Assessments, the SIG, and the third-party risk community across the globe.”
To learn more about Shared Assessments and the future of third-party risk standardization, register for the webinar. For more, visit SharedAssessments.org.
Financial details of the acquisition were not disclosed, and the transaction is expected to close in May.
1Forrester blogs, Third-Party Risk Management: You Can’t Outsource Your Way Out Of Accountability, August 2020
OneTrust is a registered trademark or trademark of OneTrust LLC or its subsidiaries in the United States and other jurisdictions.
About OneTrust
OneTrust is the #1 fastest-growing company on Inc. 500 and the category-defining enterprise platform to operationalize trust. More than 8,000 customers, including half of the Fortune 500, use OneTrust to make trust a competitive differentiator, implementing central agile workflows across privacy, security, data governance, GRC, third-party risk, ethics and compliance, and ESG programs.
The OneTrust platform is backed by 140 patents and powered by the OneTrust Athena AI and robotic automation engine, and capabilities include:
- OneTrust Privacy - Privacy Management Software
- OneTrust DataDiscovery - AI-Powered Discovery and Classification
- OneTrust DataGovernance - Data Intelligence Software
- OneTrust Vendorpedia - Third-Party Risk Exchange
- OneTrust GRC - Integrated Risk Management Software
- OneTrust Ethics - Ethics and Compliance Software
- OneTrust PreferenceChoice - Consent and Preference Management Software
- OneTrust ESG – Environmental, Social & Governance Software
OneTrust has raised a total of $920 million in funding at a $5.3 billion valuation from Insight Partners, Coatue, TCV, SoftBank Vision Fund 2, and Franklin Templeton. OneTrust’s fast-growing team of 1,500 employees is co-headquartered in Atlanta and London with additional offices in Bangalore, Melbourne, Denver, Seattle, San Francisco, New York, São Paulo, Munich, Paris, Hong Kong, and Bangkok.
To learn more, visit OneTrust.com or connect on LinkedIn, Twitter, and YouTube.
About Shared Assessments
As the only organization that has uniquely positioned and developed standardized industry resources to bring efficiencies to the market for enterprise risk management for more than a decade, the Shared Assessments Program has become the trusted source in third-party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through leadership, best practices, tools, training, and special interest groups. Join the dialog with peer companies at www.sharedassessments.org.