Shared Assessment

With the rapid growth of in-the-cloud services, more organizations will find cost savings in outsourcing various business functions to third-party cloud providers. If your customers have entrusted you to protect personally identifiable information (PII), you must provide sufficient oversight of your service providers to ensure that they are using the proper controls for security, privacy and business continuity.

Service Provider Management Resources

  • Shared Assessments Program AUP and SAS 70 Frequently Asked Questions
  • ISO 27001 and Shared Assessments
  • HIPAA/HITECH Security and Breach Notification Rules: Crosswalk to the Shared Assessments SIG Version 5.0
  • NIST Industry Relevance Document to Shared Assessments
  • Evaluating Cloud Risk for the Enterprise: A Shared Assessments Guide

If you are a service provider providing services to organizations that store, process, or transmit personally identifiable information, you are no doubt being asked to complete a variety of questionnaires to evaluate the controls you have in place for security, privacy, and business continuity.

The process for evaluating service provider controls has been inefficient and costly. Outsourcing organizations develop and distribute their own proprietary questionnaires to service providers. Service providers spend valuable resources responding to multiple, inconsistent client requests, causing delays that often result in costly on-site audits.

In some instances, you are being asked to have a SAS 70 audit or its newly revised successor, “Statements on Standards for Attestation Engagements No. 16” (SSAE 16). These assessments, including the trust services WebTrust and SysTrust, were developed by the American Institute of Certified Public Accountants (AICPA) and, as such, can only be performed by public accounting firms.

Shared Assessment Services

The BITS Financial Services Roundtable, along with the Big 4 accounting firms and key service providers, developed the Shared Assessments Program, formerly known as the Financial Institution Shared Assessment Program (FISAP), which evolved into the BITS Shared Assessments Program. Recently “BITS” was dropped from the name and it is now referred to simply as Shared Assessments. The Shared Assessments program offers a standardized approach to evaluating vendor controls for security, privacy, and business continuity. By using the Shared Assessments tools, outsourcers, service providers, and assessment firms save time, resources, and money by reducing redundancies and increasing efficiencies in the vendor control assessment process.

How Can Sword & Shield Assist Outsourcing Organizations and Service Providers?

Sword & Shield can assist organizations by:

  • conducting a gap analysis of the existing service provider/business associate management program against the requirements prescribed by the applicable regulations,
  • creating a roadmap to implement an effective vendor management program that uses the Agreed Upon Procedures (AUP) to perform objective and consistent service provider evaluations, and
  • providing the services of a solutions architect to assist in implementing the program.

If you are a service provider who has not satisfactorily completed the Standardized Information Gathering Questionnaire (SIG), we can help you understand the gaps and make recommendations for remediation to meet the requirements. For example, if you provide services to financial institutions, we can help you understand compliance regulations such as FFIEC, HIPAA or the FTC Red Flags Rule and how they apply to service providers.

Find Out More

Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.

U.S. Toll-free: 800-810-1885

International: 865-244-3500

About Sword & Shield

Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.

We offer comprehensive computer network security services and IT regulatory compliance for business and government. Let us help secure your future.
