December 14, 2007

Related feature: BITS Program Streamlines Vendor Security Audits

The Shared Assessments Program was developed in 2005 by the BITS IT Service Providers Working Group to make the data security audit process more efficient for banks and vendors. There are two key elements to the program:

  1. Standardized Information Gathering Questionnaire (SIG): A standardized questionnaire used in place of banks' proprietary questionnaires, the SIG can be filled out by a vendor once and used across all of its financial institution clients.

  2. Agreed Upon Procedures (AUP): The testing portion of the program, the AUP provides independent assessors who use more objective testing criteria and can drill down further in an audit than banks typically would.