What is Shared Assessments Program? - Definition from Whatis.com

Home
Shared Assessments Program

Definition

Shared Assessments Program

Shared Assessments is a program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.

Shared Assessments was created by the Bank of America Corporation, The Bank of New York Mellon, Citi, JPMorgan Chase & Company, U.S. Bankcorp, and Wells Fargo & Company in collaboration with leading service providers and the Big 4 accounting firms to help financial

Learn More

services companies assess service providers. The goal of Shared Assessments is to streamline the process of selecting and maintaining a vendor by creating an industry-wide standard to which service providers must adhere. To that end, the BITS consortium created the Standardized Information Gathering questionnaire (SIG), which is used to assess how well service providers adhere to those procedures.

The Shared Assessments program is not a certification. The SIG simply allows vendors to do a self-assessment of their security controls and provide that to their financial-services clients. In conjunction with the SIG, the Shared Assessments program offers Agreed Upon Procedures (AUP), which are audit standards that an independent assessment firm can use when conducting an onsite audit of a managed service provider. The service provider can share the report with multiple financial services clients, alleviating the need for separate audits.

See also: IT controls, compliance audit

Related glossary terms: eavesdropping, CTCI (Computer-to-computer interface), password cracker, QIX (NASDAQ Information Exchange protocol), Real ID, OUCH protocol, PAN truncation (primary account number), FACTA (Fair and Accurate Credit Transactions Act), Red Flags Rule (RFR), Securities and Exchange Commission (SEC)

This was last updated in October 2009

Dig Deeper

People who read this also read...

Show me more

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

Research More Tech Terms

Search thousands of tech definitions
Browse tech definitions
Browse Alphabetically:
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Y
- Z
- #

Powered by WhatIs.com

File Extensions and File Formats

File Extension and File Formats List:

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
#

Powered by WhatIs.com

More from Related TechTarget Sites

Security
Cloud Security
Security Channel
Security UK
SMB Security
CIO

Security
- February 2012 Patch Tuesday to address 21 vulnerabilities
  
  Microsoft plans to fix coding errors in Internet Explorer, .NET Silverlight and Microsoft Office.
- Book chapter: Browser security principles, same-origin policy exceptions
  
  This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy.
- Marty Roesch pushes collective analysis, underscores cyberthreat intelligence
  
  Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction.
Cloud Security
- Are cloud providers HIPAA business associates?
  
  Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage.
- SaaS security: Weighing SaaS encryption options
  
  A look at SaaS encryption techniques and challenges.
- Panel debates cloud computing governance issues
  
  Problems with data governance in the cloud aren’t much different than traditional outsourcing.
Security Channel
- Survey results: VARs report customers’ IT spending 2012 expectations
  
  VARs expect customers to increase spending on security more than any other IT area in 2012. See which security segments will grow the most.
- Create a computer security blog to attract and retain customers
  
  Blogging can produce new leads for security solution providers. Focus on content in your computer security blog that connects with customers.
- Penetration testing tutorial: Guidance for effective pen tests
  
  This penetration testing tutorial contains essential tips to help solution providers uncover vulnerabilities in clients’ networks.
Security UK
- Study finds attacks slip past spotty patch management policies
  
  A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago.
- Survey: Types of DDoS attacks on the rise due to hacktivist groups
  
  New DDoS statistics suggest hactivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet.
- Web application vulnerability statistics show security losing ground
  
  New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
CIO
- Cost, data quality issues still hobble CIOs' BI strategies
  
  Data quality remains a top challenge for business intelligence. For CIOs, this should be the question: What's good enough for the task at hand?
- Gartner CIO forum: The innovation process and business transformation
  
  The 2012 Gartner CIO Leadership Forum will focus on how CIOs can drive the innovation process and how they and IT can transform the business.
- BI projects require open mind, deft touch
  
  Most organizations sit on a gold mine of business intelligence. Extracting it requires knowing how analytics projects differ from day-to-day IT work.

All Rights Reserved, Copyright 2008 - 2012, TechTarget