- "Using the AUP helped us reduce the cost of internal vendor security assessments to less than 10% of the previous year's cost."
- —Jim Routh, Former CISO - The Depository Trust & Clearing Corporation
Value Proposition
The Shared Assessments Program offers a common-sense approach to evaluating vendor controls for security, privacy and business continuity. By using the Shared Assessments tools, outsourcers, service providers and assessment firms save time, resources and money by reducing redundancies and increasing efficiencies in the vendor control assessment process.
With the Standardized Information Gathering Questionnaire (the "SIG"), service providers complete one questionnaire and provide it to multiple clients. Outsourcers get faster turnaround from their service providers - in some cases receiving a detailed questionnaire the same day that they request it.
For higher-risk relationships or services, the Agreed Upon Procedures (the "AUPs"), may be used to objectively test key controls in the service providers environment and create a detailed report of the results. As with the SIG questionnaire, service providers may provide an AUP report to an unlimited number of clients. In some cases, the AUP report executed by an independent accounting or assessment firm can reduce or even eliminate the need for costly on-site assessments.
The Shared Assessments AUP and SIG were developed by Shared Assessments Program members and is updated at least once annually.
The program's members — leading outsourcers, service providers and assessment firms — are using the Shared Assessments tools and working to increase their adoption around the globe. Read more about membership here.