Shared Assessments Program

Shared Assessments is a program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.

Shared Assessments was created by the Bank of America Corporation, The Bank of New York Mellon, Citi, JPMorgan Chase & Company, U.S. Bankcorp, and Wells Fargo & Company in collaboration with leading service providers and the Big 4 accounting firms to help financial services companies assess service providers. The goal of Shared Assessments is to streamline the process of selecting and maintaining a vendor by creating an industry-wide standard to which service providers must adhere. To that end, the BITS consortium created the Standardized Information Gathering questionnaire (SIG), which is used to assess how well service providers adhere to those procedures.

The Shared Assessments program is not a certification. The SIG simply allows vendors to do a self-assessment of their security controls and provide that to their financial-services clients. In conjunction with the SIG, the Shared Assessments program offers Agreed Upon Procedures (AUP), which are audit standards that an independent assessment firm can use when conducting an onsite audit of a managed service provider. The service provider can share the report with multiple financial services clients, alleviating the need for separate audits.

See also: IT controls, compliance audit

This was last updated in October 2009

Dig Deeper on Business partner and vendor security issues

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats

Powered by: