Rising GRC player to provide more streamlined, secure vendor management capabilities


OVERLAND PARK, KANSAS — Lockpath, a provider of innovative governance, risk and compliance (GRC) applications, today announced it has joined the Shared Assessments Program, a member-driven, industry-standard body that injects speed, efficiency and cost savings into the service provider control assessment process.

Lockpath has incorporated Shared Assessments’ tools—the Standardized Information Gathering (SIG) questionnaire and the Agreed Upon Procedures (AUP) reports—into its Keylight platform. The addition of this layer of standards will provide an even more streamlined approach to vendor management for Lockpath customers, enabling them to more effectively manage their relationships with third-parties, including suppliers, vendors and business partners.  Lockpath’s groundbreaking software pulls security information from multiple disparate data sources, and this unique capability enables it to leverage the Shared Assessments standards integration more effectively than traditional GRC vendors.

“The mission of the Shared Assessments program is to simplify the sometimes painful process of IT service provider assessment while simultaneously lowering the risk associated with it,” said Keith Payne, Shared Assessments member and information security officer at Javitch, Block and Rathbone, LLC. “By integrating these standards into its GRC platform, Lockpath has demonstrated its commitment to empowering its customers with vendor management solutions that simplify and automate this process.”

Additionally, Lockpath is the only GRC vendor to tightly integrate quarterly Unified Compliance Framework (UCF) updates into its Keylight platform, providing users with a simplified workflow interface to help them manage the daunting amount of controls that must be included in official governance and compliance documents. The powerful combination of UCF and Shared Assessments content harmonizes assessments and controls.

“Before we created the Shared Assessments program, outsourcers generally relied on proprietary questionnaires to evaluate vendors that created delays and monopolized valuable resources,” said Catherine A. Allen, Chairman and CEO of The Santa Fe Group, manager of the Shared Assessments Program. “GRC solution providers like Lockpath are helping us provide the market with a straightforward, cost-saving approach to service provider evaluations that also enhances the security of the process.”

The Shared Assessments Program was created by leading financial institutions, the Big Four accounting firms, and key service providers to inject standardization, consistency, speed, efficiency and cost savings into the service provider assessment process. Through membership and use of the Shared Assessments tools (the Agreed Upon Procedures and the Standardized Information Gathering questionnaire), Shared Assessments offers outsourcers and their service providers a faster, more efficient and less costly means of conducting rigorous assessments of controls for security, privacy and business continuity. The Shared Assessments Program is managed by The Santa Fe Group, a strategic consulting company based in Santa Fe, New Mexico.


Lockpath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company’s flexible, scalable and fully integrated suite of applications is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance to achieve audit-ready status. Lockpath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas.


Lockpath Media Contact
Emily Podhajsky