OneTrust Acquires Shared Assessments, Third-Party Risk Management Leaders

By Peter Kelley

OneTrust, a fast-growing data privacy, compliance and governance enterprise platform backed by leading VCs, has acquired Shared Assessments, the global membership organization dedicated to developing the best practices, education, and tools to drive third-party risk assurance. 

Recent global events such as the COVID-19 pandemic and Solar Winds exposure have exacerbated the challenges of managing third-party risk, and the invalidation of the EU-US Privacy Shield (Schrems II) is forcing organizations to reevaluate thousands of third-party data transfers. 

“The Shared Assessment and OneTrust partnership will transform third-party risk governance and will be a game-changer in the global marketplace and the industry,” said Alpa Inamdar, Global Head of Third Party Governance Advisory, BNY Mellon.

The need for a global standard in third-party risk is clear. According to Forrester, “The number of third parties requiring vetting, monitoring, and mitigation far exceed the capacity of most TPRM teams, so they only focus on those considered ‘critical.’” These issues are multiplied by each risk assessment questionnaire having an average of 200 questions. 

The acquisition lets Shared Assessments further scale the availability and adoption of its tools and risk management resources such as its Standardized Information Gathering Questionnaire (SIG), now used by more than 15,000 companies globally. Points of SIG expansion include: 

  • Global reach: Making the SIG globally available in languages around the globe
  • International alignment: Aligning the SIG more deeply with international frameworks
  • Real-time updates: Adapting in real-time based on industry news and events (e.g. COVID, Schrems II)
  • Adjacent risk domains: Advance its adoption across multiple risk areas, including ESG
  • Technology enhancements: Build an advanced next gen technology platform to make it easier for organizations to adopt and apply the SIG in their programs

The member-driven Shared Assessment organization works with vendors, licensees, and members across the industry to develop and advance the adoption of its popular tools such as the SIG.

“We believe standardization is the future of the third-party risk management market,” said Kabir Barday, CEO, OneTrust. “The Shared Assessments SIG is already one of the most widely used standards in the world, and together we can further invest in the SIG’s technology, global reach, and adoption so we can make it the ubiquitous global standard. We also recognize it is critical Shared Assessments continues to operate with a wide variety of industry players and is guided by their standards board and advisory committees.”

The popular annual Shared Assessments Summit, thought leadership, professional certifications programs and other initiatives will also see investment, and Shared Assessments plans to continue operating as an open and vendor-neutral industry organization.

Linnea Solem, CEO, Solem Risk Partners, said: “This collaboration will strengthen the resources available to the industry to address that intersection and drive efficiency in assessing obligations beyond simply data security.”

OneTrust voiced its commitment to preserving Shared Assessments’ position as a respected industry organization, noting that the organization’s integrity is essential to its role as a ubiquitous global standard for third-party risk. 

“We are very excited about this strategic partnership and planned acquisition by OneTrust,” said Catherine A. Allen, Shared Assessments founder and interim CEO. ” We’re excited to be a part of OneTrust and Kabir Barday’s culture of integrity and respect for the individual, which fits with our team and culture. Our joint vision of collaborative efforts within the industry will benefit third party risk management as a whole, and enable Shared Assessments to stay at the forefront of the industry and global adoption of standardization.”

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.