Shared Assessments Program
The Shared Assessments Program was created by leading financial institutions, accounting firms, and key service providers to inject standardization, consistency, speed, efficiency and cost savings into the vendor risk assessment process.
Through membership and use of the Shared Assessments tools (the Standardized Control Assessment, or SCA—formerlly known as Agreed Upon Procedures, or AUP—and the Standardized Information Gathering questionnaire), Shared Assessments offers companies and their service providers a faster, more efficient and less costly means of conducting rigorous assessments of controls for security, privacy and business continuity.
- Used in over 115 countries
- Used in a variety of industries: financial services, energy, government, healthcare, manufacturing, pharmaceutical, retail, telecommunications, education and others
Shared Assessments & ISO 27002
A Shared Assessment provides an assessment of an organization’s implementation of its controls using a standardized questionnaire which is based on the ISO 27002 standard, with additional input from Shared Assessments Program members. The approach is more rigidly defined (e.g., answers are Yes, No, or N/A, making the completed SIG easy to read by machine). The original idea was that service providers could complete the SIG just once, and then provide the completed SIG to multiple clients.