3rd Party Risk Management

Vendor Management Part III: Inside the BITS Shared Assessments Program

Banking regulators continue to put pressure on financial institutions to improve vendor management. The BITS Shared Assessments Program allows these institutions to evaluate the security controls of key IT service providers and meet regulatory compliance requirements. Register and learn about the latest version enhancements, as well as how to integrate the program's two key components, the Standardized Information Gathering questionnaire (SIG) and Agreed-Upon Procedures (AUP), into your existing vendor management framework.

Industry thought leaders will provide case studies and insights. Presenters include:

  • The Santa Fe Group/BITS
  • The Depository Trust & Clearing Corporation
  • Iron Mountain
  • Citi
  • KPMG
  • LiveOps

The entire Vendor Management series:

  • Vendor Management Part I: FDIC Explains How to Manage Your Outsourcing Risks
  • Vendor Management Part II: Assessing Vendors - the Do's and Don'ts of Choosing a Third-Party Service Provider
  • Vendor Management Part III: Inside the BITS Shared Assessments Program


Management of third-party service provider relationships is a longstanding regulatory issue within the FDIC's Bank Service Company Act. Well-publicized security breaches, such as TJX and Hannaford Brothers, further increased regulatory attention on Vendor Management practices. This year, banking industry regulators issued bulletins re-emphasizing best practices.

Previous webinars in this special series covered:

This third installment takes an in-depth look at one of the newest emerging standards for Vendor Management: The BITS Shared Assessments Program.

Originally named the Financial Institution Shared Assessments Program, Shared Assessments is a comprehensive process for financial institutions to evaluate the security controls of their IT service providers. Launched in February 2006, Shared Assessments has more than 60 member companies, including 19 major financial institutions.

Shared Assessments offers a standardized approach to collecting all of the data necessary to complete a thorough evaluation of a service provider's information security program.

  • Financial institutions receive a trusted, comprehensive source of information about prospective vendors.
  • Service providers perform one complete security review for all, versus responding to scores of individual audits from each client or potential client.
  • All parties rely on a single, efficient process that saves time and expense, and helps financial institutions meet industry regulatory requirements.

In response to member feedback, BITS has just released version 4 of the program's two core elements:

  • The Agreed-Upon Procedures (AUP) document, which provides an objective and consistent set of procedures to evaluate key controls of third-party service providers.
  • The Standardized Information Gathering Questionnaire (SIG), which allows a third-party service provider to complete one questionnaire using a standard set of questions that can be shared across multiple clients.

In this webinar, we will review the key elements and revisions to the Shared Assessments Program with insights from:

  • The Santa Fe Group/BITS, on recent member feedback and updates to the program;
  • The Depository Trust & Clearing Corporation on how Shared Assessments supports financial institutions' Vendor Management initiatives;
  • Iron Mountain on benefits to third-party service providers; and
  • Citi, KPMG and LiveOps on the latest efforts to improve and streamline the AUP and the SIG.
