International Vendor Risk Management Standards Group Opens its Doors to Healthcare, Retailers, Telecoms, Others

September 29, 2009 – Santa Fe, NM USA ( – The Santa Fe Group announced today that the Shared Assessments Program will expand its membership to outsourcers in healthcare, retail, telecommunications, manufacturing, higher education, government and other sectors.

Founded by leading US financial institutions and their service provider partners, Shared Assessments membership was until now limited to financial institutions, their service providers and assessment firms. Beginning today, the Program will offer membership opportunities to outsourcers in a variety of industries.

“Since 2005, major financial institutions based here in the US and overseas have been using the Shared Assessments Program standards to perform vendor assessments,” said Catherine A. Allen, chairman and CEO of The Santa Fe Group and founder of the Shared Assessments Program. “More and more, outsourcers in other industries — particularly healthcare — are using these free tools to cost-effectively manage their vendor programs. It’s time to offer them the benefits of full participation in Shared Assessments through membership.”

Nearly 60 companies are members of the Shared Assessments Program. More than 8,000 individuals from organizations across the globe, including companies in India, China, South America, and the EU, have downloaded the Program’s free tools.

Membership in the Shared Assessments Program allows companies the opportunity to participate in a global community of outsourcing and risk management professionals. Members work together to create industry-standard tools that ensure risk management rigor while introducing unprecedented efficiencies in IT vendor management. Members meet regularly to discuss issues in outsourcing risk management and update the Shared Assessments tools to keep them current with regulatory and other changes in the risk management landscape. A core group of members, the Technical Development Committee, works to develop and update Shared Assessments’ rigorous standards for security, privacy and business continuity.

In October, the Shared Assessments Program will publish tools updated with important privacy controls mapped to the AICPA/CICA framework, GLBA, HIPAA, HITECH Act and PIPEDA regulations as well as the EU Directive and other laws. The updated tools will be available for free download on the Shared Assessments website.

“Shared Assessments has revolutionized control assessments for financial institutions, introducing unprecedented efficiencies while ensuring rigorous risk management,” said Parthiv Shah, director, Information Services, with the Depository Trust & Clearing Corporation (DTCC). “As global rules for security, privacy and business continuity converge, opening membership to healthcare organizations, retailers, telecommunications companies and others makes good business sense.” A member of the Shared Assessments Program Working Group, DTCC uses the Program’s standards to perform assessments of vendors.

“Nothing is more important to us than protecting our customers’ information,” said Joseph DeSalvo, senior vice president and chief security officer of Iron Mountain, the global leader in information protection and storage services, and a member of the Shared Assessments Program. “The Shared Assessments Program supports this mission by offering rigorous standards for vendor assessments. We’re proud to have helped contribute to these standards, and as users of them, we’ve seen their effectiveness first-hand. As a company with customers in virtually every industry, we believe the expansion of the Shared Assessments membership has the potential to streamline assessments for security, privacy and business continuity not just in financial services but across all of the industries we serve.”

About The Santa Fe Group

The Shared Assessments Program ( is managed by The Santa Fe Group ( A strategic consulting company providing unparalleled expertise to leading financial institutions and other critical infrastructure companies, The Santa Fe Group draws from the most advanced thinking in the industry and access to experts in risk management, technology, security, innovation and other critical areas to bring outstanding results to its clients.



Susanna Space