ISF, PCI and ISACA publish their views on business assurance

Entitled 'Navigating the Business Assurance Landscape', the paper includes contributions from The Shared Assessments Program; the Information Security Forum (ISF); Cloud Security Alliance (CSA); Payment Card Industry (PCI); Common Assurance Maturity Model (CAMM); and ISACA, the not-for-profit IT security association.

According to the organisations, the paper has been written to provide IT professionals with an overview of the assurance landscape.

In particular, the paper says, it is intended to define the issues with the multitude of assurance frameworks currently available and in certain cases mandatory.

"With the changing business environment, and budgetary constraints affecting there is a clear need for organisations to maximise value in providing assurance", it notes.

The paper calls for the creation of a global repository, which will provide significant efficiencies for the supplier, as well as allowing customers to quickly assess the large number of third parties in their supply chain without individually assessing each third party provider.

One additional advantage of this approach, notes the paper, is that it would provide transparency in the assurance of the supply chain.

The paper goes on to say that a global repository - or 'third party assurance centre' - will support a selected number of assurance frameworks. Support will then be enabled in a modular fashion, whereby a user will be able to select the appropriate modules based on business requirements.

According to Raj Samani, the founder of CAMM, one of the bodies that contributed to the paper, the IT security industry is changing.

Businesses, he says, are relying more on third parties than ever before, and the growth of cloud computing will only increase the dependency.

"This places new demands on the assurance requirements for businesses, with a more efficient method of assessing and managing risk when dealing with third parties", he said.

"It is therefore absolutely necessary for a global collaborative approach to meet the evolving needs of businesses, and this major milestone represents the first step in providing assurance for the 21st century", he added.

Jim Reavis, the executive director of the Cloud Security Alliance, said that a third party assurance centre is a concept whose time has come.

Developing this capability with the flexibility to address multiple assurance levels - and supporting multiple frameworks - will, he says, help accelerate trust in cloud computing.

It will also, he added, forestall the need for regulatory bodies to create heavy-handed requirements that may stunt innovation and the adoption of the next generation of information technology.

Professor John Walker of ISACA's London chapter security advisory group, meanwhile, said that gaining assurance is often the responsibility of the end customer to ensure that the primary contractor - and in many cases sub-contractors - do not represent an unacceptable risk to the business.

This cost, he explained, is usually borne by the end customer, with the primary contractor often being faced with multiple end customers demanding assurance in differing ways.

This can, he says, consume considerable resources and potentially erode the very assurance they sought.

Against this backdrop, Professor Walker adds that this initiative can help keep costs in line and so increase assurance.
