AsTech Consulting - Financial Institution Shared Assessments Program



Home Solutions Application Security Ethical Hacking Security Assessment Secure Development FISAP Insights About AsTech Company Overview AsTech Difference Client List CMAS Certification FISAP Contact Us
"We’re delighted that AsTech Consulting has joined the Shared Assessments Program. Their participation in our working group demonstrates their commitment to security and innovation in financial services, and to collaborative solutions that benefit the entire industry." Catherine A. Allen Chairman and CEO The Santa Fe Group "AsTech Consulting is to be commended for doing an exceptional job during their technical review of ITAC's information security posture. AsTech’s work was comprehensive, well researched with strong documentation and delivered in a manner that provided an objective perspective which was easily understood by non-technical management. Strong information security is a cornerstone of ITAC's foundation and AsTech Consulting’s partnership and contributions to this end are appreciated." Brian McGinley Chairman of the Board Identity Theft Assistance Center	In 2006 BITS, a nonprofit financial services industry association, launched the Financial Institution Shared Assessments Program to respond to industry challenges that Financial Institutions face in evaluating their service providers. The Shared Assessments Program offers efficiencies and cost savings while providing consistency in the assessment of a service provider’s security standards. AsTech Consulting has been a Shared Assessments Program assessment firm member since 2007. The company utilizes the Standardized Information Gathering (SIG) questionnaire and Agreed Upon Procedures (AUP) to perform assessments that are: *Accepted* throughout the industry *Aligned* with industry standards *Consistent* in their methodology AsTech has been providing security assessments for Financial Institutions since 1997. We have years of experience providing results that are meant to be accepted. Our experience includes analyses of: security processes, enterprise financial applications, perimeter security and many other aspects of our clients’ information security posture. The Program The SIG questionnaire can be used to provide financial institutions with a "snapshot" of the security controls at the service provider’s location. The current version of the questionnaire, SIG 3.1, includes a SIG Lite module, which is a 54-question tool that can be used when a complete questionnaire is not required. A service provider may present the results of the questionnaire to existing or potential clients. The Agreed Upon Procedures are used to provide a more detailed report on service provider controls. Using the AUP, assessment firms create a detailed report which can be shared with a service provider’s other clients. Additionally, the Shared Assessments Program questionnaires and procedures are aligned with standards such as ISO 27002, PCI-DSS, and frameworks such COBIT — all of which AsTech Consulting is completely familiar with in practice and theory.	Presentation AsTech — ITAC Case Study
Home \| Security Solutions \| Insights \| About AsTech \| Contact Us		Privacy Policy
(888) 777-5995 info@astechconsulting.com		©2008 AsTech Consulting