Agenda

    Workshops
    Apr,7 Apr,8
  • Monday
  • Tuesday
  • Summit
    Apr,9 Apr,10
  • Wednesday
  • Thursday
  • Certification
    Apr,11
  • Friday
  • Monday,April 8
    Workshops
    7:00 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 am – 5:00 pm
    Optimizing Your Third Party Risk Management Program Pre-Summit Workshop

    You have a third party risk management program but you’re not so sure as to how to optimize it. You are being asked by your Board of Directors and C-level management “How are we doing compared to (fill in company)?” With so much focus on the various challenges of third party risk assessment like assessments, continuous monitoring, partnering with organizations both internal and external, many organizations miss the critical process steps that must be in place for a successful and sustainable Third Party Risk Management Program (TPRMP).

    This workshop will cover the key elements of maintaining a sustainable and focused enterprise Third Party Risk Management Program, and provide more meaningful insight into how good a job organizations are doing in evaluating their own third party risk management processes. This will be done by previewing and discussion some of the results of the recently released 2018 Vendor Risk Management Maturity Study with this group. We will address such topics as: Policy, Process and Practices; Inventory, Contracts; Risk Tiering and Assessments; Ongoing Oversight and Monitoring; Technology Platforms; Regulatory Considerations; Issue tracking and Remediation; and Enterprise Program Metrics. Participants will engage in enhancing sustainable programs in response to different industry considerations and sharing solutions. This workshop will be useful to all TPR professionals regardless of industry vertical or regulatory requirements for a specific business.

    CPE CREDITS: 8 CPE credits can be earned for completion of this Workshop.

  • Tuesday,April 9
    Workshops
    7:00 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 am – 12:00 pm
    Toolkit Training: SIG Optimization Workshop

    Attendees will demonstrate they have mastered all aspects of utilizing the Shared Assessments Program Standardized Information Gathering (SIG) questionnaire, including the creation and use of a Master SIG; the scoping of a vendor assessment; utilization of the SIG Management Tool (SMT) and all its functionality. Additionally, attendees will demonstrate an understanding of utilizing documented best practices upon receiving a completed SIG and supporting artifacts within the due diligence processes of a third party risk governance program. Attendees will receive a Shared Assessments Program Toolkit Training Course Completion Certificate for the 2019 Tool Release.

    8:00 am – 12:00 pm
    Data Management and Third Party Risk Pre-Summit Workshop

    Good data management and hygiene are essential components of organizational performance, but the trend toward more outsourcing in today’s environment complicates a set of already challenging set of administration requirements. Customer data, sensitive proprietary organizational data, financial data and the data we use to manage third party risk all demand an increased level of practice maturity as the risk and regulatory environments evolve. This workshop will focus on new and emerging best practices for data access, data governance, data integration, data integrity, data confidentiality, data aggregation, data preparation, and data security. It will consider challenges associated with the increased use of external data in managing third party risk programs through continuous monitoring activities which often generate significant quantities of data. Upon analysis, only a subset of this data may be material and actionable in identifying potential risks. Join your colleagues for an important discussion of data management challenges and solutions.

    1:00 pm – 5:00 pm
    Toolkit Training: SCA Implementation Workshop

    Attendees will demonstrate a thorough understanding of the Shared Assessments Program Standardized Control Assessment (SCA) procedures risk control framework, sampling parameters and testing procedures. They will also have demonstrated the ability to use the SCA as a self-assessment tool to evaluate their own company’s risk control environment. Synergies between SIG scoping and SCA testing will be shared. Attendees will receive a Shared Assessments Program Toolkit Training Course Completion Certificate for the 2019 Tool Release.

    1:00 pm – 5:00 pm
    Cybersecurity and Continuous Monitoring Workshop

    This session will share best practices in the continuous third party risk monitoring ecosystem. Continuous monitoring, an uninterrupted, real-time (or near real-time) risk management technique, is designed to improve an organization’s awareness of changes to controls that could indicate potential weaknesses. The session will focus on expectations, techniques and solutions being used to continuously monitor controls in cybersecurity, cyber hygiene, financial viability, negative news, geopolitical events and resiliency risk areas.

    CPE CREDITS: 4 CPE credits can be earned for completion of each of the 1/2 day Workshops.

  • Wednesday,April 10
    Summit
    7:30 am – 8:30 am
    Breakfast and Opening of Registration
    8:30 am – 9:00 am
    Welcome and Opening Remarks

    Catherine A. Allen, Chairman and CEO, The Santa Fe Group

    9:00 am – 9:30 am
    Keynote Speaker: Perspective From a CISO Pioneer on Information Security Practices

    Steven Katz, Owner, Security Risk Solutions, LLC

    9:30 am – 10:15 am
    What CISO’s are Facing Today and in the Future
    10:15 am – 10:45 am
    Exhibitor Networking Break
    10:45 am – 11:30 am
    Managing a New Area of Risk: Convergence of Operation Technology (OT) & Information Technology (IT)
    11:30 am – 12:00 pm
    Sponsored Case Study
    12:00 pm – 12:45 pm
    Luncheon Buffet
    12:45 pm – 1:15 pm
    Global Risk: A CEO’s Perspective
    1:15 pm – 2:00 pm
    Reputational Risk and Crisis Communications in Third Party Risk
    2:00 pm – 2:30 pm
    Keynote Speaker: Innovation in Regulation

    Jing de Jong Chen, Partner and General Manager of Global Cybersecurity Strategy
    Microsoft Corporation

    2:30 pm – 3:15 pm
    Regulatory Panel Cybersecurity and Data Protection
    3:15 pm – 3:45 pm
    Exhibitor Networking Break
    3:15 am – 3:45 am
    Solutions Showcases (1 of 2)
    3:15 pm – 3:45 pm
    Solutions Showcases (2 of 2)
    3:45 pm – 4:30 pm
    AI, Robotics and Machine Learning: Impact on Third Party Risk
    4:30 pm – 5:15 pm
    Fintech Discussion
    5:15 pm – 6:45 pm
    Networking Reception
  • Thursday,April 11
    Summit
    7:30 am – 8:30 am
    Breakfast Buffet and Opening of Registration
    8:30 am – 9:00 am
    Keynote Speaker: Disruptive Risk

    James Lam, President
    James Lam & Associates

    9:00 am – 9:45 am
    Risk Framework and Risk Appetite
    9:45 am – 10:30 am
    Shared Assessments Program Update
    10:30 am – 11:00 am
    Exhibitor Networking Break
    11:00 am – 11:45 am
    Third Party Risk Research Update
    11:45 am – 12:15 pm
    Sponsored Case Study
    12:15 pm – 1:00 pm
    Luncheon Buffet
    1:00 pm – 1:30 am
    Keynote Speaker
    1:30 pm – 2:15 pm
    In Boards We Trust: Examines How Boards are Looking at Risk
    2:15 pm – 2:45 pm
    Exhibitor Networking Break
    2:15 pm – 2:45 pm
    Solutions Showcases (1 of 2 Showcases)
    2:15 pm – 2:45 pm
    Solutions Showcases (2 of 2 Showcases)
    2:45 pm – 3:45 pm
    Global Issues in Third Party Risk Management
    3:45 pm – 4:15 pm
    Closing Remarks
    4:15 pm – 6:15 pm
    Closing Reception

     
    CPE Credits: 15.5 CPE Credits can be obtained by completion of the two day Summit
     

  • Friday,April 12
    Certification
    7:30 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 pm – 6:00 pm
    CTPRP Workshop & Exam

    The Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments Program validates that expertise, providing professional credibility, recognition and marketability. This workshop will examine best practice management of the vendor lifecycle, vendor risk identification and rating as well as knowledge of the fundamentals of vendor risk assessment, monitoring and management.

    8:00 am – 6:00 pm
    CTPRA Workshop & Exam

    The Certified Third Party Risk Assessor (CTPRA) designation from the Shared Assessments Program validates knowledge within specific IT risk control domains that an individual will need in order to perform a thorough IT risk evaluation of a third party during an assessment.

    CPE CREDITS: CPE Credits will be granted as follows:
    7 CPE Credits* will be offered for completion of the the Shared Assessments CTPRP workshop.

    10 CPE Credits* will be offered for completion of the the Shared Assessments CTPRA workshop. A sign-in sheet will be provided at each registration table. Please note that you must sign in each day to receive the credits.

    *In accordance with the standards of the National Registry of CPE sponsors, credits are based on a 50-minute hour.