Shared Assessments Program Terms of Use

Agreed Upon Procedures and Standardized Information Gathering Questionnaire

The Shared Assessments Program ("Program") maintains, promotes and facilitates the use of the Agreed Upon Procedures ("AUP") and Standardized Information Gathering Questionnaire ("SIG") documents.

To support this purpose, the Program makes the AUP, SIG and other documents ("Program Documents") to the public free of charge for the purpose of conducting self assessments and third party security, business continuity and privacy control assessments. The AUP and SIG may be downloaded at http://sharedassessments.org/download/. Once downloaded, the documents may be copied and used for conducting security, business continuity and privacy control assessments. The most current version(s) of the AUP and SIG in either XML or Excel format should be used to ensure maximum efficiency when sharing results with other Program participants.

The Program also makes other Program Documents available to other industry organizations for the purpose of proposing additions and amendments that will make the documents more useful in other industries, subject to the approval of the Shared Assessments Program Steering Committee. Other industry organizations may download and use the Program Documents within their organizations for this purpose.

The Shared Assessments Program attaches the following conditions to persons and organizations downloading, copying and using the Program Documents:

  • Any modifications to the questions contained in the documents must be approved by the Shared Assessments Program Steering Committee in advance of use.
  • Industry organizations must notify The Santa Fe Group at sharedassessments@santa-fe-group.com of their reasons for the modifications and make the modifications available to the Shared Assessments Program Steering Committee for approval as additions to the current version of the documents.
  • Persons downloading the Program Documents may not assert copyright or proprietary rights in any modifications that would prevent the Program from freely incorporating those or similar modifications into the Program Documents.
  • Persons downloading the Program Documents who wish to incorporate the AUP and/or SIG into a software product offered for license or sale must obtain a separate license from the Shared Assessments Program and BITS.

The Program Documents have been developed as tools for information security, privacy and business continuity compliance. They are based on general information security and privacy laws, regulation, principles, frameworks, audit programs, seal programs and regulatory guidance from various jurisdictions and do not constitute legal advice or an exhaustive list of questions or procedures covering all the information security or privacy laws in the US or the rest of the world that may apply to a service provider. Each user should consult counsel on a case-by-case basis to ensure compliance with all applicable information security and privacy laws, regulations, policies and standards.

THE SHARED ASSESSMENTS PROGRAM DOCUMENTS ARE PROVIDED BY BITS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL BITS, THE SANTA FE GROUP, OR THE PROGRAM MEMBERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THE PROGRAM DOCUMENTS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The Santa Fe Group will make every effort to ensure that the AUP and SIG available for download from the Shared Assessments Program website are the current (usually released annually in October) versions of those documents that have been reviewed and approved by the Shared Assessments Steering Committee and Working Group. Support of the AUP and SIG will be limited to the current version and two prior versions.

By downloading the documents, you , you acknowledge and agree to these disclaimers, terms and conditions.