Banking regulators continue to put pressure on financial institutions to improve vendor management. The BITS Shared Assessments Program allows these institutions to evaluate the security controls of key IT service providers and meet regulatory compliance. Register and learn about the latest version enhancements, as well as how to integrate the program's two key components - the Standardized Information Gathering questionnaire (SIG) and Agreed-Upon Procedures (AUP) - into your existing vendor management framework.
Industry thought leaders will provide case studies and insights. Presenters include:
Management of third-party service provider relationships is a longstanding regulatory issue within the FDIC's Bank Service Company Act. Well-publicized security breaches, such as TJX and Hannaford Brothers, further increased regulatory attention on Vendor Management practices. This year, banking industry regulators issued bulletins re-emphasizing best-practices.
This third installment takes an in-depth look at one of the newest emerging standards for Vendor Management: The BITS Shared Assessments Program.
Originally named the Financial Institution Shared Assessments Program, Shared Assessments is a comprehensive process for financial institutions to evaluate the security controls of their IT service providers. Launched in February 2006, Shared Assessments has more than 60 member companies, including 19 major financial institutions.
Shared Assessments offers a standardized approach to collecting all of the data necessary to complete a thorough evaluation of a service provider's information security program.
Financial institutions receive a trusted, comprehensive source of information about prospective vendors.
Service providers perform one complete security review for all, versus responding to scores of individual audits from each client or potential client.
All parties rely on a single, efficient process that saves time and expense, and helps financial institutions meet industry regulatory requirements.
In response to member feedback, BITS has just released version 4 of the program's two core elements:
The Agreed Upon Procedures (AUP) document, which provides an objective and consistent set of procedures to evaluate key controls of third-party service providers.
The Standardized Information Gathering Questionnaire (SIG), which allows a third-party service provider to complete one questionnaire using a standard set of questions that can be shared across multiple clients.
In this webinar, we will review the key elements and revisions to the Shared Assessments Program with insights from:
The Santa Fe Group/BITS, on recent member feedback and updates to the program;
The Depository Trust & Clearing Corporation on how Shared Assessments supports financial institutions' Vendor Management initiatives;
Iron Mountain on benefits to third-party service providers; and
Citi, KPMG and LiveOps on the latest efforts to improve and streamline the AUP and the SIG.
Program Manager, Financial Services, Iron Mountain
Scott has been with Iron Mountain for 10 years, holding various positions within the organization. In 2007, he was asked to become a dedicated vertical market manager for Iron Mountain's largest, most complex vertical market, the financial services. Today, Mr. Brown is focused on understanding the market conditions affecting the financial industry and translating those conditions into products and solutions that secure information, enable compliance, and provide global services consistency, all while managing cost.
Chief Information Security Officer, LiveOps
As CISO of LiveOps, a leading provider of virtual contact services with 28,000 agents, Niall is responsible for defining and managing the enterprise security, audit, risk and regulatory compliance programs. Niall has participated extensively in industry security initiatives including serving as the Co-Chair of the BITS Shared Assessments development committee for the past three years.
Senior Vice President, The Santa Fe Group
Michele Edson is a risk professional with more than 29 years of banking and risk/fraud experience. She works closely with the financial services industry, technology providers and regulators to ensure the Shared Assessments Program fulfills its goal of creating efficiencies and cost savings in the service provider assessment process. Prior to joining The Santa Fe Group, Michele was a Senior Business Executive with Carreker Corporation.
Partner, KPMG LLP
Eddie works in KPMG's IT Advisory Services practice in the Dallas office. He has served as KPMG's IT Attestation Leader for the Americas for the past five years, focusing on SAS 70s and other attestation services including BITS. Holt is a Certified Public Accountant, a Certified Information Systems Auditor, and an Associate Business Continuity Planner.
Risk Manager, Citi
Andy currently works at Citi where he manages a team of assessors who conduct due diligence reviews of vendors who render complex technical services for various Citi businesses. Andy is working to integrate the Shared Assessments program into the Citi Service Provider assessment process and is the co-chair of the Shared Assessments program TDC (Technical Development Committee) along with Niall Brown of LiveOps and Eddie Holt with KPMG.
Chief Information Security Officer, Aetna
Jim Routh is the Chief Security Officer and leads the Global Security function for Aetna. He is the Chairman of the NH-ISAC Board. He serves on the Board of the National Cyber Security Alliance and is a member of the Advisory Board of the ClearSky Security Fund. He was formerly the Global Head of Application & Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express.
Jim is the winner of the 2016 Security Alliance Award for Innovation, 2016 ISE Luminary Leadership Award, the Northeast and the 2014 North American Information Security Executive of the Year for Healthcare, the 2009 BITS Leadership Award sponsored by the financial industry in collaboration with NIST and the Department of Treasury.