AUP 6.0 Bundle
The AUP 6.0 Bundle includes V 6.0 of the AUP and the AUP Report Template.
Together with the Shared Assessments Standardized Information Gathering Questionnaire (SIG), the Shared Assessments AUP is used by outsourcers to evaluate the controls their service providers have in place for security, privacy and business continuity. Both the AUP and the SIG are aligned with ISO 27002:2005, PCI DSS, COBIT, and NIST as well as FFIEC Guidance, the AICPA/CICA Privacy Framework, and a host of privacy regulatory guidance.
The AUP was created for use by independent accounting and assessment firms that conduct on-site audits of service provider controls. The AUP provides objective and consistent procedures that evaluate key controls in the following domains of risk management:
- Information security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance
- Privacy
The AUP procedures follow the American Institute of Certified Public Accountants (AICPA) professional standards Attestation Standard (AT) Section 201, which sets forth attestation standards and provides guidance to practitioners on performance and reporting in AUP engagements.
The AUP Report Template was developed by the Shared Assessments Program to provide a slightly more flexible tool than the AUP. While still testing for specific controls, the AUP Report Template allows the company being assessed to include any additional mitigating controls (and accompanying documentation) it provides that it believes are relevant to providing a sound control environment. Note that while this information is included, it may not necessarily be tested by the company conducting the assessment. The Report Template was developed to allow the company being assessed to identify why it may not choose to use a specific control being tested. Because the company can state and establish its full and complete control environment in one easy-to-use document, the company conducting the assessment can then easily identify any areas/controls it would like to have tested further.
Become a member
Reminder: If you have already purchased the Shared Assessment Tools, become a member and reduce the Annual Membership Cost by the total amount of your purchase.
The Shared Assessments Program brings industry-leading executives together to streamline and standardize the service provider evaluation process, helping organizations of all sizes realize important efficiencies and cost savings.
As participants in a global community of leaders in information security, privacy, business continuity and vendor risk management, members gain opportunities for brand visibility, collaboration and professional development.
- Download the Shared Assessments Tools for free.
- Opportunities to shape and refine the industry de facto security standard tools.
- Access to the Shared Assessments Member Forum.
- Discounts on registration for Shared Assessments Events.

