About the Shared Assessments Program

The Shared Assessments Program was created by leading financial institutions, the Big Four accounting firms, and key service providers to inject standardization, consistency, speed, efficiency and cost savings into the vendor risk assessment process. Through membership and use of the Shared Assessments tools (the Agreed Upon Procedures and the Standardized Information Gathering questionnaire), Shared Assessments offers companies and their service providers a faster, more efficient and less costly means of conducting rigorous assessments of controls for security, privacy and business continuity. The Shared Assessments Program is managed by The Santa Fe Group, a strategic consulting company based in Santa Fe, New Mexico.

A Global Community

Shared Assessments members are national and international organizations of all sizes that understand the importance of comprehensive standards for managing risk. They are financial institutions, healthcare organizations, energy/utility, retailers and telecommunications companies. They are service providers of all sizes, consulting companies, and assessment firms. They are the best in their class, members of a global community of risk vendor risk management experts who understand the value of implementing efficient and effective industry-standard practices. 

The Santa Fe Group manages the Shared Assessments Program. Together, Shared Assessments’ diverse membership works to increase awareness and adoption of the Program Tools across industry sectors and around the globe.

Shared Assessments CTPRP Certification Training

The Certified Third Party Risk Professional (CTPRP) certification from Shared Assessments is aimed at IT professionals responsible for managing risk associated with an organization’s use of third-party vendors and service providers. Traditional third-party partners include independent contractors or subcontractors, cloud storage solution vendors, outside auditing firms, public relations firms, or any other individual or group receiving outsourced work from an organization. Risk management specialists can often focus too exclusively on internal risk, and don’t always factor in the risk presented by outside partners who perform functions which have been outsourced by the parent organization. The CTPRP cert validates individuals specialized in assessing and creating risk management solutions for an organization’s third-party business partners. Shared Assessments is a consortium of companies, IT service providers and accounting firms who have a mutual interest in establishing and maintaining a professional program dedicated to third-party risk management. Shared Assessments is a part of the Santa Fe Group, a business strategy consulting firm founded in 1996. 

CTPRP training

One of the requirements for earning CTPRP certification is a minimum of five years’ experience as a risk management professional, with specific experience in third-party risk management issues. Candidates must also attend the Shared Assessments Program CTPRP Workshop, and then pass the Shared Assessments CTPRP certification exam. The five-year professional experience requirement makes the CTPRP a “midstream” career cert, in that candidates have likely already been trained on the skills and knowledge necessary to successfully navigate the required workshop and pass the CTPRP certification exam.