If you are in the financial industry, version 2 of the FISAP assessment SIG
is worth reviewing. FISAP is a process for financial institutions to
evaluate IT service providers. Included below are links to a FISAP FAQ and
the assessment documents themselves.
"Members and visitors who viewed the earlier version of the SIG will
notice a
significant change in this document. The Technical Development Committee
redeveloped the SIG from the ground up, including the addition of:
- Excel format for automated analysis
- Closed-ended questions
- Broader and deeper analysis of controls
- Alignment with version 2.0 (forthcoming) of the Agreed Upon Procedures
- Alignment with the ISO 17799:2005 standard
- A standardized questionnaire that can replace your company's existing
questionnaire
The resulting document is significantly more robust and easier for both
the
service provider to complete and the financial institution to analyze."
If you like the FISAP documents and have something to add, please reach out
to BITS and share your thoughts. For more information, visit
http://www.bitsinfo.org/fisap
Kind regards,
Gideon
Gideon T. Rasmussen
CISSP, CISA, CISM, IAM
Charlotte, NC
http://www.gideonrasmussen.com/contact.html
http://www.ussecurityawareness.org
http://groups.yahoo.com/group/gideons-infosec-list
http://groups.yahoo.com/group/insider-threat
Program Introduction:
http://www.bitsinfo.org/FISAP/Forms/FISAPIntroduction.pps
Program FAQs:
http://www.bitsinfo.org/FISAP/Forms/18SharedAssessmentsFAQ.pdf
Standardized Information Gathering (SIG) v2.0
http://www.bitsinfo.org/FISAP/Forms/SIGv2.0.xls
Agreed Upon Procedures v1.0
http://www.bitsinfo.org/FISAP/Forms/AUP.pdf
Service Provider Preparation Guide
http://www.bitsinfo.org/FISAP/Forms/SPPrepGuide.doc
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
