
BITS Security Policy Solutions

About BITS and the Shared Assessments Program

The Financial Institution Shared Assessments Program is a process for financial institutions to evaluate the security controls of their IT service providers. The Shared Assessments Program is based on the BITS industry consortium and the ISO 27002 Standard, and includes the Agreed Upon Procedures (AUP) and the Standardized Information Gathering questionnaire (SIG), which are used to evaluate security controls. Assessments are often done in conjunction with SAS 70 audits.

Information Security Policies and BITS

When performing an assessment, written security policies for each control area are key to documenting and evaluating security controls. The Shared Assessments Program is based on the information security control areas found within ISO 27002. These are: Security Policy, Organization of Information Security, Asset Management, Human Resource Security, Physical and Environmental Security, Communications and Operations Management, Access Control, Information Systems Acquisition, Information Security Incident Management, Business Continuity Management, and Compliance.

Comprehensive Security Policy Coverage
Information Security Policies Made Easy (ISPME) by security policy expert Charles Cresson Wood, CISA, CISSP, includes over 1400 information security policies covering all ISO 17799 information security domains. ISPME provides pre-written policies for each subject domain of the Shared Assessments and can easily be customized based on the organization's business needs.


Keep Security Policies Up to Date
Updated security policies are key to managing business risks. The PolicyShield Information Security Policy Subscription includes all of the policies within ISPME with regular updates based on the latest threats, technologies and regulatory changes. Let our experts monitor the latest trends and write the policies you need when you need them.


The Most Complete Security Policy Library Available

PolicyShield™ contains over 1500 pre-written information security policies and expert commentary covering 123 different categories within the ISO 27002 security standard. It covers over 200 security areas, including:

  • Data Privacy
  • Identity Theft
  • Firewalls
  • Encryption
  • Telecommuting
  • Telephone systems
  • Employee surveillance
  • Electronic commerce
  • Electronic records
  • Digital signatures
  • Computer viruses
  • Contingency planning
  • Logging controls
  • Internet
  • Intranets
  • Risk Assessments
  • Governance
