Agenda

    Workshops
    Apr 27 - Apr 28
  • Monday
  • Tuesday
  • Summit
    Apr 29th - Apr 30th
  • Wednesday
  • Thursday
  • Certification
    May 1
  • Friday
  • Monday, April 8
    Workshops
    7:00 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 am – 5:00 pm
    Optimizing Your Third Party Risk Management Program Pre-Summit Workshop

    You have a third party risk management program but you’re not so sure as to how to optimize it. You are being asked by your Board of Directors and C-level management “How are we doing compared to (fill in company)?” With so much focus on the various challenges of third party risk assessment like assessments, continuous monitoring, partnering with organizations both internal and external, many organizations miss the critical process steps that must be in place for a successful and sustainable Third Party Risk Management Program (TPRMP).

    This workshop will cover the key elements of maintaining a sustainable and focused enterprise Third Party Risk Management Program, and provide more meaningful insight into how good a job organizations are doing in evaluating their own third party risk management processes. This will be done by previewing and discussion some of the results of the recently released 2018 Vendor Risk Management Maturity Study with this group. We will address such topics as: Policy, Process and Practices; Inventory, Contracts; Risk Tiering and Assessments; Ongoing Oversight and Monitoring; Technology Platforms; Regulatory Considerations; Issue tracking and Remediation; and Enterprise Program Metrics. Participants will engage in enhancing sustainable programs in response to different industry considerations and sharing solutions. This workshop will be useful to all TPR professionals regardless of industry vertical or regulatory requirements for a specific business.

    CPE CREDITS: 8 CPE credits can be earned for completion of this Workshop.

  • Tuesday, April 9
    Workshops
    7:00 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 am – 12:00 pm
    Toolkit Training: SIG Optimization Workshop

    Attendees will demonstrate they have mastered all aspects of utilizing the Shared Assessments Program Standardized Information Gathering (SIG) questionnaire, including the creation and use of a Master SIG; the scoping of a vendor assessment; utilization of the SIG Management Tool (SMT) and all its functionality. Additionally, attendees will demonstrate an understanding of utilizing documented best practices upon receiving a completed SIG and supporting artifacts within the due diligence processes of a third party risk governance program. Attendees will receive a Shared Assessments Program Toolkit Training Course Completion Certificate for the 2019 Tool Release.

    8:00 am – 12:00 pm
    Data Management and Third Party Risk Pre-Summit Workshop

    Good data management and hygiene are essential components of organizational performance, but the trend toward more outsourcing in today’s environment complicates a set of already challenging set of administration requirements. Customer data, sensitive proprietary organizational data, financial data and the data we use to manage third party risk all demand an increased level of practice maturity as the risk and regulatory environments evolve. This workshop will focus on new and emerging best practices for data access, data governance, data integration, data integrity, data confidentiality, data aggregation, data preparation, and data security. It will consider challenges associated with the increased use of external data in managing third party risk programs through continuous monitoring activities which often generate significant quantities of data. Upon analysis, only a subset of this data may be material and actionable in identifying potential risks. Join your colleagues for an important discussion of data management challenges and solutions.

    1:00 pm – 5:00 pm
    Toolkit Training: SCA Implementation Workshop

    Attendees will demonstrate a thorough understanding of the Shared Assessments Program Standardized Control Assessment (SCA) procedures risk control framework, sampling parameters and testing procedures. They will also have demonstrated the ability to use the SCA as a self-assessment tool to evaluate their own company’s risk control environment. Synergies between SIG scoping and SCA testing will be shared. Attendees will receive a Shared Assessments Program Toolkit Training Course Completion Certificate for the 2019 Tool Release.

    1:00 pm – 5:00 pm
    Cybersecurity and Continuous Monitoring Workshop

    This session will share best practices and techniques in the continuous third party risk monitoring ecosystem and will benefit those just starting their TPRM programs as well as those who are keen to focus their limited resources and enhance their programs. The session will offer best practices from leading experts and hands on exercises, which will focus on expectations, techniques and solutions being used to continuously monitor controls in cybersecurity, cyber hygiene, financial viability, negative news, geopolitical events and resiliency risk areas. As we move through an ever increasing risk and threat environment, we need to be considering continuous monitoring solutions, which provide an uninterrupted, real-time (or near real-time) risk management technique, and are designed to improve an organization’s awareness of changes to controls that could indicate potential weaknesses.

    CPE CREDITS: 4 CPE credits can be earned for completion of each of the 1/2 day Workshops.

  • Friday, April 12
    Certification
    7:30 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 am – 5:00 pm
    CTPRP Workshop

    The Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments Program validates that expertise, providing professional credibility, recognition and marketability. This workshop will examine best practice management of the vendor lifecycle, vendor risk identification and rating as well as knowledge of the fundamentals of vendor risk assessment, monitoring and management.

    *Note that this is for the CTPRP Workshop course only. The exam will be taken online on a TBD date.

    8:00 am – 6:00 pm
    CTPRA Workshop

    The Certified Third Party Risk Assessor (CTPRA) designation from the Shared Assessments Program validates knowledge within specific IT risk control domains that an individual will need in order to perform a thorough IT risk evaluation of a third party during an assessment.

    *Note that this is for the CTPRA Workshop course only. The exam will be taken online on a TBD date.

    CPE CREDITS: CPE Credits will be granted as follows:
    9 CPE Credits* will be offered for completion of the the Shared Assessments CTPRP workshop.

    10.5 CPE Credits* will be offered for completion of the the Shared Assessments CTPRA workshop. A sign-in sheet will be provided at each registration table. Please note that you must sign in each day to receive the credits.

    *In accordance with the standards of the National Registry of CPE sponsors, credits are based on a 50-minute hour.

  • Thursday, April 11
    Summit
    7:30 am – 8:30 am
    Breakfast Buffet and Opening of Registration
    8:00 am – 8:30 am
    Breakfast Case Study-From GDPR to California Privacy: Managing Vendor Risk

    Blake Brannon
    Vice President of Product, OneTrust

    Managing vendor risk is a continuous effort under GDPR, California CCPA and other global regulations. As organizations continue to improve their privacy and security programs, streamlining 3rd and 4th party vendor risk has become a priority. In this session, you’ll learn how to implement successful vendor risk processes, expedite vendor onboarding, and hear practical advice to automate vendor risk management within a software technology platform.

    • Review the drivers and challenges organizations face when managing third-party vendor risk
    • Outline methods for managing third-party security and privacy risk
    • Identify priorities before, during and after vendor procurement
    • Takeaway an approach for automating the third-party vendor risk lifecycle
    8:30 am – 9:00 am
    Keynote Speaker: Board Oversight of Disruptive Risks

    James Lam, President
    James Lam & Associates

    9:00 am – 9:45 am
    Risk Framework and Risk Appetite

    MODERATOR
    Brenda Ferraro, Senior Director – Networks
    Prevalent, Inc.

    PANELISTS
    Tammy Rambaldi, Director, Third Party Risk Management
    Johnson & Johnson

    Annie Searle, Lecturer
    University of Washington

    Jack Jones, Executive VP Research & Development, Co-Founder
    RiskLens, Inc / FAIR Institute

    9:45 am – 10:15 am
    Exhibitor Networking Break
    10:15 am – 11:15 am
    In Boards We Trust Examines How Boards are Looking at Risk

    MODERATORS
    Joe Prochaska, Board Member
    Synovus Financial Corporation

    PANELISTS
    Charles “Chuck” Yamarone, Board Chair, El Paso Electric Company;
    Chief Corporate Governance & Compliance Officer
    Houlihan Lokey

    Shamla Naidoo, Global CISO
    IBM Corporation
    Dr. Joyce Cacho, CAMS
    Corporate Board Director
    Land O’Lakes, Inc. and Sunrise Banks

    Dr. Joyce Cacho, CAMS
    Corporate Board Director
    Land O’Lakes, Inc. and Sunrise Banks

    11:15 am – 11:45 am
    Sponsored Case Study

    Sponsored Case Study presented by: NormShield, Inc.

    PRESENTERS
    Bob Maley Chief Security Officer
    NormShield, Inc.

    Patti Titus, Chief Privacy and Information Security Officer
    Markel Corporation

    11:45 am – 12:45 pm
    Luncheon Buffet
    12:45 pm – 1:30 pm
    Shared Assessments Program Update

    PRESENTERS
    Sylvie Obledo, Project Manager
    The Santa Fe Group, Shared Assessments Program

    Jonathan Dambrot
    Shared Assessments Advisory Board Member

    Emily Irving, VP of Third Party Risk
    BlackRock, Inc.
    2019 Shared Assessments Program Vice-Chair

    1:30 pm – 2:00 pm
    Global Risk: A CISO’s Perspective

    Shamla Naidoo, VP, IT Risk and CISO
    IBM Corporation

    2:00 pm – 2:45 pm
    Global Issues in Third Party Risk Management

    MODERATORS
    Linnea Solem, Founder and CEO
    Solem Risk Partners, LLC

    PANELISTS
    Matt Moog, Principal
    EY

    Blake Brannon, Vice President of Product
    OneTrust

    Abhijeet Karle, Senior Information Security Officer
    International Monetary Fund

    2:45 pm – 3:15 pm
    Solutions Showcases (1 of 2 Showcases)

    Showcases will run from 2:50 – 3:10
    Presented by: OneTrust – Diplomat Room 1st Floor

    2:45 pm – 3:15 pm
    Solutions Showcases (2 of 2 Showcases)

    Showcases will run from 2:50 – 3:10
    Presented by: SecurityScorecard – Ambassador Room 1st Floor

    3:15 pm – 4:00 pm
    Third Party Risk Research Update

    MODERATORS
    Gary Roboff, Senior Advisor
    The Santa Fe Group, Shared Assessments Program

    PANELISTS
    Paul Kooney, Managing Director
    Protiviti, Inc.

    Rocco Grillo
    Shared Assessments Steering Committtee Member

    Charlie Miller, Senior Advisor
    The Santa Fe Group, Shared Assessments Program

    Larry Ponemon, Chairman and Founder
    Ponemon Institute

    4:00 pm – 4:30 pm
    Closing Remarks

    Catherine A. Allen, Chairman and CEO
    The Santa Fe Group

    4:30 pm – 6:30 pm
    Closing Reception

     
    CPE Credits: 15.5 CPE Credits can be obtained by completion of the two day Summit
     

  • Wednesday, April 10
    Summit
    7:30 am – 8:30 am
    Breakfast and Opening of Registration
    8:30 am – 9:00 am
    Welcome and Opening Remarks

    Catherine A. Allen, Chairman and CEO
    The Santa Fe Group

    9:00 am – 9:30 am
    Keynote Speaker: Perspective From a CISO Pioneer on Information Security Practices

    Steven Katz, Owner
    Security Risk Solutions, LLC

    9:30 am – 10:15 am
    What CISO’s are Facing Today and in the Future

    MODERATOR
    Joyce Brocaglia, President & CEO
    Alta Associates

    PANELISTS
    Steven Katz, Founder and President
    Security Risk Solutions, LLC

    Kevin Gowen, CISO
    Synovus Financial Corporation

    Devon Bryan, EVP and CISO
    The Federal Reserve System

    Suzanne Hall, Global CISO and Technology Executive
    Alimentation Couche-Tard (Circle K)

    10:15 am – 10:45 am
    Exhibitor Networking Break
    10:45 am – 11:30 am
    Managing a New Area of Risk: Convergence of Operation Technology (OT) & Information Technology (IT)

    MODERATOR
    Atul Vashistha, Chairman and CEO
    Neo Group

    PANELISTS
    Gary Bruner, CIO
    El Paso Electric

    Paul Gagliardi, Risk Technology Evangelist
    SecurityScorecard

    Michael J. Riecica, Director, Technical Security Strategy
    Rockwell Automation

    11:30 am – 12:00 pm
    Sponsored Case Study presented by BitSight

    Performing Third Party Risk Assessments in an Agile Culture

    Presenters
    Jake Olcott, Vice President
    BitSight Technologies

    Frank Roppelt, Sr. Manager, Security Policy and Vendor Risk
    TD Ameritrade

    12:00 pm – 12:45 pm
    Luncheon Buffet
    12:45 pm – 1:30 pm
    Reputational Risk and Crisis Communications in Third Party Risk

    MODERATOR
    Dan Chmielewski, Principal
    Madison Alexander PR, Inc.

    PANELISTS
    Davia Temin, President and CEO
    Temin and Company, Incorporated

    Tom Davis,
    Susan Davis International

    Jesse Bryan, CEO
    Belief Agency

    Teri Robinson, Executive Editor
    SC Magazine

    1:30 pm – 2:00 pm
    Innovation in Regulation

    Jo Ann Barefoot, CEO
    Barefoot Innovation Group

    2:00 pm – 2:45 pm
    Innovation in Regulation Panel Cybersecurity and Data Protection

    MODERATOR
    Renee Forney, Senior Director of Cyber Assurance
    Capital One

    PANELISTS
    Jo Ann Barefoot, CEO
    Barefoot Innovation Group

    Jing de Jong Chen, Senior Associate
    Center for Strategic and International Studies (retired former General Manager of Global Cybersecurity Microsoft Corporation)

    Patrick Kelly, Director for Critical Infrastructure Policy
    Office of the Comptroller of the Currency (OCC)

    2:45 pm – 3:15 pm
    Exhibitor Networking Break
    2:45 pm – 3:15 pm
    Solutions Showcases (1 of 2)

    Solutions Showcases: (Showcases will run from 2:50 – 3:10)

      Presented by: ProcessUnity – Diplomat Room 1st Floor

    2:45 pm – 3:15 pm
    Solutions Showcases (2 of 2)

    Solutions Showcases: (Showcases will run from 2:50 – 3:10)

      Presented by: Aravo – Ambassador Room 1st Floor

    3:15 pm – 4:00 pm
    AI, Robotics and Machine Learning: Impact on Third Party Risk

    MODERATOR
    Holly Dockery, Deputy VP International, Homeland, and Nuclear Security
    Sandia National Laboratories

    PANELISTS
    Roberta (Bobbie) Stemfley, Director
    Carnegie Mellon University Software Engineering Institute

    Srinivas Mukkamala, CEO
    Risk Sense, Inc.

    Miguel Villareal, Founder and CEO
    Villa-Tech, Inc.

    4:00 pm – 5:00 pm
    Financial Technology (FinTech) Discussion

    MODERATOR
    Bob Maley Chief Security Officer
    NormShield, Inc.

    PANELIST
    Eric Piscini, CEO
    Citizens Reserve

    Bruce G. Schneider, Principal, Client Due Diligence & Third Party Risk
    Finastra

    Glen Sarvady, Managing Principal
    154 Advisors

    5:00 pm – 6:30 pm
    Networking Reception

    Plaza Ballroom – 2nd Floor

  • Monday, April 27
    Workshops
    8:00 am – 5:00 pm
    Putting the Shared Assessment Framework into Action

    Third party risk management programs everywhere are grappling with how to protect their organizations against escalating risks and meet new regulations while at the same dealing with limited resources and management teams that don’t always understand the importance good TPRM. This session will address the challenges organizations face today be exploring not only best practices and techniques for improving programs on an incremental basis, but also by focusing on processes that can better leverage existing resources and help programs operate more efficiently and effectively. Buttressed by materials introduced in the newly published Shared Assessments Third Party Risk Management Framework, attendees can expect a “nuts and bolts” discussion that should provide new both insights and an enlightened perspective on existing processes and procedures. (8 CPE credits can be earned for completion.)


  • Tuesday, April 28
    8:00 am – 12:00 pm
    SIG Toolkit Training – Covering all the Basics (Beginner)

    As we continue to enhance the SIG, its basic assessment capabilities have continued to expand. Upon completion of the workshop, attendees will understand all of the primary risk management capabilities of the Shared Assessments Program Standardized Information Gathering (SIG) questionnaire, including the creation and use of a Master SIG; the scoping of a vendor assessment; utilization of the SIG Management Tool (SMT) and all its functionality.  Additionally, attendees will obtain an understanding of best practices for reviewing a completed SIG and supporting artifacts within the due diligence processes of a third party risk governance program. Attendees will receive a Shared Assessments Program SIG Toolkit Training Course Completion Certificate for the 2020 Tool Release. (4 CPE credits can be earned for completion.)


    8:00 am – 12:00 pm
    SIG Optimization Workshop (Advanced)

    Learn to Leverage all of the Benefits of the 2020 SIG. This workshop is designed for those individuals who are developing or managing a mature TPRM Program. Attendees will understand how to harness the full power of the SIG and tune it to their specific program’s needs. Along with advanced scoping techniques and highly refined SIG functionality, we will cover leading edge best practices to take your program to the next level.   Additionally, attendees will focus on how to integrate these highly mature best practices into their TPRM Program.  Attendees will receive a Shared Assessments Program Advanced SIG Toolkit Training Course Completion Certificate for the 2020 Tool Release. (4 CPE credits can be earned for completion.)


    1:00 pm – 5:00 pm
    Third-Party Risk Assessments: More Than a Checklist Process

    In this workshop, you will learn Tips and Tricks for developing and streamlining a risk-based third-party risk assessment process as well as how to determine the type of assessment to conduct.(4 CPE credits can be earned for completion.)


    1:00 pm – 5:00 pm
    Navigating Data Governance for Privacy and Third Party Risk

    Privacy regulatory changes are putting a spotlight on third party relationships. Data management and ethical data use are now just as critical as data protection. The session will cover evolving third-party risk management obligations, privacy trends, including compliance elements for CCPA that impact vendor management. Our speakers will also highlight use cases for the Shared Assessments Program’s Tools for identifying, classifying and tracking data in third party relationships that support the “Trust but Verify” model of third party risk. 

    (4 CPE credits can be earned for completion.)





  • Wednesday, April 29
    Summit
    8:00 am – 5:00 pm
    Shared Assessments Third Party Risk Summit

    The two day Third Party Risk Summit is the premier global, multi-industry event centered around addressing challenges that affect Third Party Risk Management. The Summit brings together leading experts in risk management to identify trends and share best practices.

     

     

     

  • Thursday, April 30
    8:00 am – 5:00 pm
    Shared Assessments Third Party Risk Summit

    The two day Third Party Risk Summit is the premier global, multi-industry event centered around addressing challenges that affect Third Party Risk Management. The Summit brings together leading experts in risk management to identify trends and share best practices.

    (15.5* CPE credits can be earned for completion for both days of Summit.)



    *Changes in agenda could cause adjustments to final CPE count






     

     

     

  • Friday, May 1
    Certification
    7:30 am – 6:00 pm
    Post Summit Certifications

    CTPRP Class

    The Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments Program validates expertise, providing professional credibility, recognition, and marketability in third party risk. NOTE: Exam to be taken virtually at a later date.



    CTPRA Class

    The Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments Program validates expertise, providing professional credibility, recognition, and marketability in third party risk. NOTE: Exam to be taken virtually at a later date.

     

     

Participating in the Summit opened opportunities to work with professionals and understand the essential work and sharing of expertise is extended by encouragement to participate in forums conducted throughout the year. This was a high quality experience that pays continuous dividends.
Julia Perry Senior Program Manager, Security and Compliance, Mortech, a Zillow Group business
I look forward to the Summit each year. The speaker and audience discussions give me great insights into key trends, solutions and new opportunities. It’s like a MBA refresher on TPRM in just 2 days!
Atul Vashistha Chairman and CEO, Neo Group
Third Party Risk Management is blessed with a vibrant community of dedicated professionals that emerge from their SCIFs “Sensitive Compartmented Information Facilities” too infrequently. The Summit is the opportunity to collaborate with peers, learn and energize your TPRM career for the upcoming year. It’s a charging station of positive risk management energy! That’s why I never miss it.
Luc Levensohn Manager, Information Risk Management, Staples
No better place to connect with other third-party professionals to share ideas, challenges and solutions. Summit always provides great pragmatics nuggets of wisdom that one can take back to their jobs and take advantage immediately Always good to see how firms are further aligning their third party program with business strategies and objectives so executives see the program as value vs required overhead
Nasser Fattah Managing Director, MUFG Union Bank, N.A
The Shared Assessment Summit is one of the few “ I can’t miss” sessions of the year. It provides the latest in innovation, major external factors impacting our industries delivered through expert speakers, and connection to some of the best people in our industry. I’ll look forward to our next summit.
Mark Holladay Executive Vice President and Chief Risk Officer, Synovus
For over a decade, the Shared Assessments Summit brings together risk management professionals across industries to spotlight ways to help organizations define, run, and measure their third party risk management programs.
Linnea Solem CEO and Founder, Solem Risk Partners LLC