If you are in the financial industry, version 2 of the FISAP assessment SIG
is worth reviewing. FISAP is a process for financial institutions to
evaluate IT service providers. Included below are links to a FISAP FAQ and
the assessment documents themselves.
"Members and visitors who viewed the earlier version of the SIG will
notice a
significant change in this document. The Technical Development Committee
redeveloped the SIG from the ground up, including the addition of:
- Excel format for automated analysis
- Closed-ended questions
- Broader and deeper analysis of controls
- Alignment with version 2.0 (forthcoming) of the Agreed Upon Procedures
- Alignment with the ISO 17799:2005 standard
- A standardized questionnaire that can replace your company's existing
questionnaire
The resulting document is significantly more robust and easier for both
the
service provider to complete and the financial institution to analyze."
If you like the FISAP documents and have something to add, please reach out
to BITS and share your thoughts. For more information, visit
http://www.bitsinfo.org/fisapKind regards,
Gideon
Gideon T. Rasmussen
CISSP, CISA, CISM, IAM
Charlotte, NC
http://www.gideonrasmussen.com/contact.htmlhttp://www.ussecurityawareness.orghttp://groups.yahoo.com/group/gideons-infosec-listhttp://groups.yahoo.com/group/insider-threatProgram Introduction:
http://www.bitsinfo.org/FISAP/Forms/FISAPIntroduction.ppsProgram FAQs:
http://www.bitsinfo.org/FISAP/Forms/18SharedAssessmentsFAQ.pdfStandardized Information Gathering (SIG) v2.0
http://www.bitsinfo.org/FISAP/Forms/SIGv2.0.xlsAgreed Upon Procedures v1.0
http://www.bitsinfo.org/FISAP/Forms/AUP.pdfService Provider Preparation Guide
http://www.bitsinfo.org/FISAP/Forms/SPPrepGuide.doc--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
