The Benefits of Shared Assessments for Risk Management
We are all familiar with the main benefits of standardized home appraisals: predictable pricing, comparability, efficient transactions and grounds for legal recourse.
Can you imagine what the housing and mortgage markets would be like if there were no standard way to appraise homes?
Well, home appraisals were not always standardized and the old system of proprietary appraisals made buying a home much more costly, chaotic and difficult to pursue.
Adopting systems of shared assessments has worked for the housing and consumer credit industries, among others, so why not adopt shared standards in the IT security industry?
While there are a handful of shared IT assessment programs out there today, the majority of IT assessments are currently done on a proprietary one-off basis, which disadvantages companies and vendors.
The market needs to adopt a shared IT assessment framework. Let's take a look at some of the main benefits below:
1. Increased transparency
Without shared standards, there are many different methods or approaches to conducting IT assessments. When companies look at the end results, they do not know exactly what controls were evaluated or how they were tested in order to produce those results. With shared assessments, both companies and vendors would know exactly which controls were evaluated and the processes used to test them.
2. A basis for recourse
With shared assessments, companies would have a clear and shared understanding or agreement as to which controls were in place and when. A standard for evaluating IT systems that stated outright the system's security measures would provide grounds for recourse in future negotiations or if a breach or other attack occurred.
3. More streamlined vendor selection
If every vendor conducted testing in the same way, there would be more consistency across vendors. This would enable companies to search for a vendor more efficiently, trust the assessment results, compare vendors, and even trend to see who's improving and who's not improving. Without a standard system for assessments, results are non-comparable, costs are higher and vendor selection takes much longer.
The absence of IT assessment standards is a shared problem that hurts buyers and suppliers. This shared problem demands a shared solution, which will drive down costs and increase quality, transparency and recourse.
I truly believe the market is being driven toward the use of shared IT assessments. When do you think shared assessments will become the norm?
Photo credit: Britta Boehlinger
About the Author: Chris Bell is a founder and VP of Product Management at Evantix, which provides an on-demand risk management solution that helps companies assess, manage, and monitor risk across their complex business relationships. He builds innovative risk management solutions for the market and advises companies about how to improve their programs. You can read more from Chris on the Evantix blog.