ABC Agenda | Summit


    Apr 27 - Apr 28
  • Monday
  • Tuesday
  • Summit
    Apr 29th - Apr 30th
  • Wednesday
  • Thursday
  • Certification
    May 1
  • Friday
  • Monday, April 27
    8:00 am – 5:00 pm
    Putting the Shared Assessment Framework into Action

    Third party risk management programs everywhere are grappling with how to protect their organizations against escalating risks and meet new regulations while at the same dealing with limited resources and management teams that don’t always understand the importance good TPRM. This session will address the challenges organizations face today by exploring not only best practices and techniques for improving programs on an incremental basis, but also by focusing on processes that can better leverage existing resources and help programs operate more efficiently and effectively. Buttressed by materials introduced in the newly published Shared Assessments Third Party Risk Management Framework, attendees can expect a “nuts and bolts” discussion that should provide new both insights and an enlightened perspective on existing processes and procedures. Discussion topics will include:


    • The Shared Assessments Framework Overview
    • Addressing Evolving Risk Challenges
    • Cybersecurity
    • Cloud
    • Emerging Technologies (AI, IoT, 5G, etc.)
    • Resiliency
    • Geo-political
    • Environmental
    • Mergers and Acquisitions
    • Assessment Repositories


    (8 CPE credits can be earned for completion.)



  • Tuesday, April 28
    8:00 am – 12:00 pm
    SIG Toolkit Training – Covering all the Basics (Beginner)

    As we continue to enhance the SIG, its basic assessment capabilities have continued to expand. Upon completion of the workshop, attendees will understand all of the primary risk management capabilities of the Shared Assessments Program Standardized Information Gathering (SIG) questionnaire, including the creation and use of a Master SIG; the scoping of a vendor assessment; utilization of the SIG Management Tool (SMT) and all its functionality.  Additionally, attendees will obtain an understanding of best practices for reviewing a completed SIG and supporting artifacts within the due diligence processes of a third party risk governance program. Attendees will receive a Shared Assessments Program SIG Toolkit Training Course Completion Certificate for the 2020 Tool Release. (4 CPE credits can be earned for completion.)


    8:00 am – 12:00 pm
    SIG Optimization Workshop (Advanced)

    Learn to Leverage all of the Benefits of the 2020 SIG. This workshop is designed for those individuals who are developing or managing a mature TPRM Program. Attendees will understand how to harness the full power of the SIG and tune it to their specific program’s needs. Along with advanced scoping techniques and highly refined SIG functionality, we will cover leading edge best practices to take your program to the next level.   Additionally, attendees will focus on how to integrate these highly mature best practices into their TPRM Program.  Attendees will receive a Shared Assessments Program Advanced SIG Toolkit Training Course Completion Certificate for the 2020 Tool Release. (4 CPE credits can be earned for completion.)



    1:00 pm – 5:00 pm
    Third Party Risk Assessments: More Than a Checklist Process

    In this workshop, you will learn Tips and Tricks for developing and streamlining a risk-based third-party risk assessment process as well as how to determine the type of assessment to conduct.(4 CPE credits can be earned for completion.)


    1:00 pm – 5:00 pm
    Navigating Data Governance for Privacy and Third Party Risk

    Privacy regulatory changes are putting a spotlight on third party relationships. Data management and ethical data use are now just as critical as data protection. The session will cover evolving third-party risk management obligations, privacy trends, including compliance elements for CCPA that impact vendor management. Our speakers will also highlight use cases for the Shared Assessments Program’s Tools for identifying, classifying and tracking data in third party relationships that support the “Trust but Verify” model of third party risk. 

    (4 CPE credits can be earned for completion.)



  • Wednesday, April 29
    7:30 am – 8:30 am
    Registration Opens and Breakfast
    8:30 am – 9:00 am
    Opening Remarks

    Catherine A. Allen, Chairman and CEO
    The Santa Fe Group

    9:00 am – 9:30 am
    Keynote Speaker

    Jim Routh, CISO

    9:30 am – 10:15 am
    CISO Panel: Top of Mind Issues CISO’s are Facing

    Valerie Abend, Managing Director

    Jim Routh, CISO

    Larry Clinton, President and CEO
    Internet Security Alliance (ISA)

    10:15 am – 10:45 am
    Exhibitor Networking Break
    10:45 am – 11:30 am
    Risk Framework Panel

    Gary Roboff, Senior Advisor
    The Santa Fe Group, Shared Assessments Program

    Dr. Jack Freund, Director, Risk Science
    RiskLens, Inc / FAIR Institute

    11:30 am – 12:00 pm
    Sponsored Case Study Presented by Bitsight

    Jake Olcott, Vice President of Communications & Government Affairs

    Nasser Fattah, Managing Director
    MUFG Union Bank
    2020 Shared Assessments Program Vice-Chair

    12:00 pm – 12:45 pm
    Luncheon Buffet
    12:45 pm – 1:30 pm
    Geopolitical Risk
    1:30 pm – 2:15 pm
    Afternoon Keynote
    2:15 pm – 2:45 pm
    Exhibitor Networking Break and Solution Showcases

    Solutions Showcases: (Showcases will run from 2:20 – 2:40)

    • Presented by: ProcessUnity– Diplomat Room 1st Floor
    • Presented by: Panorays – Ambassador Room 1st Floor
    2:45 pm – 3:30 pm
    Crisis Management and Resiliency
    3:30 pm – 4:00 pm
    Privacy and Innovation

    Jo Ann Barefoot, Founder and CEO
    Barefoot Innovation Group

    4:00 pm – 5:00 pm
    Privacy Panel
    5:00 pm – 6:30 pm
    Networking Reception
  • Thursday, April 30
    7:30 am – 8:30 am
    8:00 am – 8:30 am
    Sponsored Breakfast Case Study
    8:30 am – 9:00 am
    Keynote Speaker
    9:00 am – 10:00 am
    Regulatory Panel
    10:00 am – 10:30 am
    Exhibitor Networking Break
    10:30 am – 11:30 am
    Shared Assessments Program Update
    11:30 am – 12:00 am
    Sponsored Case Study Presented by: OneTrust

    Compliance Checklist: Third-Party Risk for ISO 27001, GDPR, CCPA, and NIST

    Jaymin Desai, Offering Manager
    OneTrust VendorpediaTM

    12:00 pm – 1:00 pm
    Luncheon Buffet
    1:00 pm – 1:30 pm
    Keynote Speaker
    1:30 pm – 2:15 pm
    Board Perspective on Cyber and Third Party Risk
    2:15 pm – 2:45 pm
    2:45 pm – 3:15 pm
    Exhibitor Networking Break and Solution Showcases

    Solutions Showcases:
    Showcases will run from 2:50 – 3:10

    3:15 pm – 3:45 am

    Global Issues and Risk

    3:45 pm – 4:30 pm
    Talent Management Panel

    Career path of the TPRM Professional. Include research on the path as well as benefits of certification etc.

    4:30 pm – 5:00 pm
    Closing Remarks
  • Friday, May 1
    7:30 am – 6:00 pm
    Post Summit Certifications

    CTPRP Class

    The Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments Program validates expertise, providing professional credibility, recognition, and marketability in third party risk. NOTE: Exam to be taken virtually at a later date.

    CTPRA Class

    The Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments Program validates expertise, providing professional credibility, recognition, and marketability in third party risk. NOTE: Exam to be taken virtually at a later date.



Participating in the Summit opened opportunities to work with professionals and understand the essential work and sharing of expertise is extended by encouragement to participate in forums conducted throughout the year. This was a high quality experience that pays continuous dividends.
Julia Perry Senior Program Manager, Security and Compliance, Mortech, a Zillow Group business
I look forward to the Summit each year. The speaker and audience discussions give me great insights into key trends, solutions and new opportunities. It’s like a MBA refresher on TPRM in just 2 days!
Atul Vashistha Chairman and CEO, Neo Group
Third Party Risk Management is blessed with a vibrant community of dedicated professionals that emerge from their SCIFs “Sensitive Compartmented Information Facilities” too infrequently. The Summit is the opportunity to collaborate with peers, learn and energize your TPRM career for the upcoming year. It’s a charging station of positive risk management energy! That’s why I never miss it.
Luc Levensohn Manager, Information Risk Management, Staples
No better place to connect with other third-party professionals to share ideas, challenges and solutions. Summit always provides great pragmatics nuggets of wisdom that one can take back to their jobs and take advantage immediately Always good to see how firms are further aligning their third party program with business strategies and objectives so executives see the program as value vs required overhead
Nasser Fattah Managing Director, MUFG Union Bank, N.A
The Shared Assessment Summit is one of the few “ I can’t miss” sessions of the year. It provides the latest in innovation, major external factors impacting our industries delivered through expert speakers, and connection to some of the best people in our industry. I’ll look forward to our next summit.
Mark Holladay Executive Vice President and Chief Risk Officer, Synovus
For over a decade, the Shared Assessments Summit brings together risk management professionals across industries to spotlight ways to help organizations define, run, and measure their third party risk management programs.
Linnea Solem CEO and Founder, Solem Risk Partners LLC