- "Not only does the program save our company time and resources, but our customers also benefit by getting the information they need immediately."
- —Scott Brown, Iron Mountain
Benefits
Testimonials
A number of FIs and SPs that have taken part in the program over time are developing metrics to support the business case for participation. Several organizations have shared their findings publically. One FI (that also uses the program as an SP) expressed the benefits this way:
"As an FI we review a consistent and emerging industry standard format for security assessment artifacts from vendors and in this case both (the FI) and the service vendors realize a significant savings in a more efficient compliance process with high quality artifacts. Our internal costs for vendor security assessments has been reduced to less than 10% of last year's cost primarily through the use of the AUP as our requirement for service firms that have access to sensitive information.
We held a forum for service vendors to introduce the requirements for service firms including the Shared Assessments Program SIG and AUP. This has enabled faster adoption by firms once they understand the benefits to the Shared Assessments Program. Download Member Case Study here.
Progress through Collaboration
The testimonial referenced above makes several key points: the Shared Assessments Program provides high quality tools and meaningful savings—and benefits increase as the program expands. Bringing new FIs and SPs to the table is important for the individual participant and for the program—and the industry—overall.
Participating FIs point out additional benefits from adoption: the Shared Assessments artifacts are designed with the FI's risk management and compliance needs in mind. Results provide an excellent reference point to begin or to support ongoing, in-depth risk management evaluations with input structured around each of the twelve primary risk control areas for information services (as outlined by and consistent with ISO 27002:2005). Moreover, the Shared Assessments tools are dynamic—they evolve over time based on industry input and through proactive membership collaboration.
Value Increases Exponentially
Since its inception in 2006, the program artifacts (the SIG and the AUP, respectively) have undergone several revisions. Version 4.0 was published in October 2008.
Both the SIG and the AUP are dynamic tools that evolve with changes in the industry environment for information services. The Shared Assessments program is the vehicle through which industry stakeholders promote the changes necessary to keep these tools current and optimally effective.
The program's members—all leaders of financial institutions, service providers, assessment firms and licensees view evidence of the program's effectiveness to date as the tip of an iceberg. With increasing adoption, the program's overall value to individual players and to the industry as a whole—will grow exponentially.Occasionally, our partners will provide special offers or trials - to view a list of current offers, please click here
- "The internal costs of the Shared Assessments Program are significantly less than fulfilling every unique request for the same information coming from multiple financial service firms"
- —Jim Routh, CISO - The Depository Trust & Clearing Corporation