Bank Technology News  |  November, 2009

By John Adams

Print Email Reprints Feedback

The Shared Assessments Program has launched Version 5.0 of its tools for evaluating service provider controls, including a toolkit for audits that can be used in cloud computing and software as a service environments.

The program’s technical development committee has added 22 new procedures, including questions relevant to cloud computing, such as a target data tracker—which can be used to uncover the location of data storage sites. In cloud computing and SaaS environments, the location of that data is often unclear.

Questions related cloud and SaaS have also been inserted into the group’s standardized information gathering questionnaire, or SIG. “A key question in relation to cloud and SaaS that gets asked is ‘Where is my data in the cloud? Where is it stored?” says Niall Browne, CISO of virtual call center firm LiveOps and a co-chair of the development committee for Shared Assessments, who says prevailing standards are focused on specific environments and don’t address cloud computing.

Browne says there have been downloads of the new version, but it’s still too early to have definitive adoption numbers. Overall, the shared assessments program has enjoyed lackluster adtoption, with major firms unwilling to rely on the cookie-cutter approach to due diligence .

More articles in Bank Technology News

Subscribe to Bank Technology News