The first step in ensuring the privacy and security of vendors and service providers is to perform a thorough risk assessment of these 'TSPs'. A responsible risk assessment of a TSP allows you to:

- Establish a fast and repeatable process to identify, assess, and manage the risks associated with TSPs and with the TSP selection process.
- Reduce the overall operating risk to the organization.
- Establish, enforce, and manage assessment criteria for TSPs based on the business criticality and compliance requirements of each.
- Control your risks before they even exist in the organization by approving new TSPs based on their controls, proposed function, services, and the data that will be shared with them.
- Generate useful and actionable roll-up and drill-down reports for the entire enterprise, or for individual Business Units, Divisions, or other logical grouping levels.
- Easily manage an inventory of risks and controls for tens or hundreds of TSPs and Business Associates.
- Document and manage remediation plans for TSPs after gaps have been identified, keeping a constant view of where outstanding risks are and "if, how, and when" they will be addressed.
- Reduce the cost of managing ongoing assessments.
Rsam is the most powerful and effective tool available for managing TSP risk assessments. Rsam works by calculating the criticality and risk associated with each TSP, measuring their controls, and scoring them. Within Rsam, TSPs are defined via either data import or distributed data entry. Users are then assigned to answer specific questionnaires concerning the criticality and control of their TSPs. As users log into the Rsam interface, they are presented with simple dashboards that show their assigned tasks and the status of their questionnaires. By clicking on a particular task, the user is sent directly to the appropriate questionnaire page and walked through each assigned question via a highly intuitive, Web-enabled GUI. At the completion of each questionnaire, the process can then be passed to other users for review or additional input. All such actions are tracked, and progress reports and administrator dashboards provide constant progress updates. At the completion of an assessment, TSP scores are calculated by comparing the degree of control in place against the risk that each TSP poses. Risks and control gaps are identified and presented within the Rsam GUI. Once such gaps and compliance violations are known, the Rsam Remediation Tracking Module tracks and documents each step of the remediation process. Assessment and Risk Treatment data may be archived as desired, and using Rsam's interactive reporting engine, historical reports can be easily generated to provide useful trend analysis. All of this capability is built on top of Rsam's patent-pending framework, providing the highest degree of flexibility possible. Where desired, nearly every detail within Rsam's flexible structure can be easily customized.
BITS is a nonprofit industry consortium whose members are 100 of the largest financial institutions in the United States. Serving as the strategic "brain trust" for the industry, BITS focuses on issues related to e-commerce, payments, and emerging technologies. Increasing exposure of information due to the growth of outsourcing and increased regulatory requirements prompted BITS to form the IT Service Providers Working Group. The Working Group revised and updated the BITS Framework for Managing Technology Risk for IT Service Provider Relationships in 2003. The Framework addresses the regulatory, business, and technology risk aspects of financial institutions' relationships with TSPs. In 2004, the group published the BITS IT Service Providers Expectations Matrix. Since then, BITS has continued to improve and update its content for Service Provider assessments. Rsam's TSP template is primarily based on ISO 17799 and references the BITS IT Service Providers Expectations Matrix.

Relational Security has licensed the Shared Assessments Program content for TSP assessments from BITS. The Shared Assessments Program Control Template is now available in addition to Rsam's existing control libraries, which include comprehensive sets of controls from other prominent standards such as ISO 17799, COBIT, NIST, and FFIEC. Relational Security's customers can now utilize the Shared Assessments controls within Rsam more readily and take advantage of the rich features available in Rsam's technology and methodology. The Shared Assessments Control Template will be available to co-exist with, and come pre-mapped to, other control templates, allowing customers to choose the control sections or domains most relevant to their environment.
Rsam provides the most powerful and efficient tools available to manage the entire assessment cycle, including highly intuitive interfaces and a powerful interactive reporting engine. This technology allows you to:

- Track responses, progress, and user activity, and manage every aspect of the assessment process using administrative dashboards, questionnaire cycles, user roles, and data management interfaces.
- Choose from Rsam's pre-stocked templates of TSP assessment controls and criticality questions (600+), easily customize them to meet your specific requirements, or even import existing questionnaires.
- Report on control elements as they relate to industry standards such as ISO 17799 and BITS.
- Create and assign modular questionnaires based on functional areas (business, technology, operations, business continuity, etc.), allowing focused interviews.
- Identify and address issues and gaps using Rsam's 45+ consistent and actionable roll-up, drill-down, and relational reports.
- Plan, document, and track remediation efforts for identified gaps.