From The Secure Arc Wiki


BITS is a Washington, DC based financial services technology organisation that launched the Financial Institution Shared Assessments Program (FISAP), which establishes a standardized approach for banks and their service providers to use in information security assessments. BITS is a non-profit industry consortium whose membership comprises approximately 100 of the largest financial institutions in the USA.

Each requirement in the FISAP recommendations can be broken down into more specific sub-requirements, each of which can be mapped back both to the Security Principles that motivate it and to the Design Patterns that satisfy it.

Risk Management Framework

The program has two key elements.

  • The first is the Standardized Information Gathering Questionnaire (SIG), a common questionnaire that service providers complete in place of each bank's own proprietary questionnaire.
  • The second is the testing portion of the program, known as the Agreed Upon Procedures (AUP), which relies on independent assessors rather than auditors supplied by each bank. Because the results of one AUP engagement can be shared, the AUP reduces the time banks spend on-site conducting routine audits.

Published in January 2008, the latest release, version 3.1, refines the procedures in the AUP for more consistent execution, adds a risk management section, and maps more closely to the ISO/IEC 27002 information security standard, the Payment Card Industry Data Security Standard (PCI DSS) and the Control Objectives for Information and related Technology (COBIT) framework.


The FISAP publications are freely available on the internet.

