|
Press Release
April 2, 2008 Princeton, New Jersey Leading Risk Mitigation Consulting Firm Brings Expertise to BITS’ Shared Assessments Program
PRINCETON, NJ -- Churchill & Harriman, Inc., Churchill & Harriman (C&H), the leader in Enterprise Risk Mitigation Solutions, today announced it has joined BITS’ Shared Assessments Program as an Assessment Firm Member. As an Assessment Firm Member, C&H works with companies to leverage the value of the Shared Assessments Program, incorporate standard practices for data protection and risk management, and ultimately drive adoption of the BITS Shared Assessments Program. C&H offers proven expertise in helping companies adopt industry-wide frameworks for risk mitigation and has demonstrated its proficiency in completing over 600 risk assessments worldwide. A division of The Financial Services Roundtable, BITS’ membership is made up of 100 of the largest financial institutions in the United States. BITS launched the Shared Assessments Program in February 2006 to help financial institutions streamline the service provider security assessment process while raising the bar on security in the industry. One company C&H worked with is The Depository Trust & Clearing Corporation (DTCC), which implemented a vendor management program for all service providers with specific requirements for different types of service providers. DTCC incorporated the BITS Shared Assessment Program into their vendor requirements to ensure effective controls for protecting information. Prior to enforcing these requirements for service providers, DTCC completed the self assessment and the third party certification using C&H to better understand how to leverage the BITS Shared Assessments Program standards. C&H performed an independent, third party review of DTCC within the framework of the Shared Assessments Program standards. “DTCC is a recognized industry leader in improving the efficiency and effectiveness of clearance and settlement services for the global market and our customers have an expectation of high resiliency in all of the products and services we offer. The implementation of effective information security controls and practices with DTCC vendors are aligned with our core focus capabilities on behalf of our customers,” said Jim Routh, Chief Information Security Officer, DTCC. “We commend Churchill & Harriman for becoming an assessment firm member of the Shared Assessments Program,” said Catherine A. Allen, former CEO of BITS and Chairman and CEO of The Santa Fe Group. “As we continue to extend adoption of the Shared Assessments Program deeper into financial services and other industries, we welcome forward-thinking organizations like Churchill & Harriman that understand the industry’s need for security assessments that are both rigorous and streamlined.” The Shared Assessments Program consists of two parts. The Standard Information Gathering (SIG) questionnaire provides a snapshot into a service provider’s security controls, while the AUP provides a more detailed report based on multiple security control points. C&H assisted DTCC to implement assessment of its own compliance using the AUP to assess whether the security controls it has deployed -- including people, processes, and procedures – are efficient and cost-effective with the goal of improving security for DTCC and its customers. “For over a decade, C&H has delivered risk mitigation services geared towards information security, regulatory compliance, privacy and standards,” said Ken Peterson, President and CEO, Churchill & Harriman. “Our ability to provide our clients with industry-wide compliance solutions through the Shared Assessments Program reflects our commitment to minimizing business risks by advancing mutually agreed-upon controls and guidelines for use by the global financial services industry and its vendor community.” About Churchill & Harriman Founded in 1986, Churchill & Harriman (C&H) is a leader in information technology consulting and an expert in risk mitigation. C&H serves as a trusted advisor to Fortune 500 companies in the financial, life sciences, insurance, manufacturing and education sectors, along with government entities. C&H has hands-on experience in leading both large and small organizations through the ISO/IEC 27001:2005 compliance and certification process. In fact, a C&H client became the first recipient of the ISO/IEC 27001:2005 certificate in the United States. C&H also has a proven methodology to conduct information security risk assessments based on its experience in conducting over 600 globally to date. With expertise in information security, regulatory compliance, privacy and standards, C&H helps clients develop and implement controls and procedures that identify, value, and mitigate business risk. For More Information Contact: Churchill & Harriman Email: info@chus.com
|
 |
||||||||
Engaging Your Vendors
|
|
|||||||
 |
|
| Site Contents © 1999 - 2008 Churchill & Harriman All Rights Reserved | |