Shared Assessments is a program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.
Shared Assessments was created by the Bank of America Corporation, The Bank of New York Mellon, Citi, JPMorgan Chase & Company, U.S. Bankcorp, and Wells Fargo & Company in collaboration with leading service providers and the Big 4 accounting firms to help financial services companies assess service providers. The goal of Shared Assessments is to streamline the process of selecting and maintaining a vendor by creating an industry-wide standard to which service providers must adhere. To that end, the BITS consortium created the Standardized Information Gathering questionnaire (SIG), which is used to assess how well service providers adhere to those procedures.
The Shared Assessments program is not a certification. The SIG simply allows vendors to do a self-assessment of their security controls and provide that to their financial-services clients. In conjunction with the SIG, the Shared Assessments program offers Agreed Upon Procedures (AUP), which are audit standards that an independent assessment firm can use when conducting an onsite audit of a managed service provider. The service provider can share the report with multiple financial services clients, alleviating the need for separate audits.