The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Cloud Industry Forum Joins Third Party Assurance Initiative

The Cloud Industry Forum (CIF) today announced it has partnered with the Third Party Assurance Centre (TPAC), a business assurance initiative, formed to help minimise outsourcing risks. Other industry bodies partnering with TPAC include the Information Security Forum, Cloud Security Alliance, Common Assurance Maturity Model, and the Payment Card Industry board of advisers.

A recent whitepaper collectively produced by these industry bodies entitled, “Business Assurance for the 21st Century,” highlights that third parties managing data should be asked questions about the security systems they have in place and the standards they adhere to. TPAC aims to combat security risks faced by organisations that manage third-party suppliers by introducing transparency into the supply chain.

Raj Samani, founder of the Common Assurance Maturity Model (CAMM), and chief technology officer Europe, Middle East and Africa for security firm McAfee, commented: “Organisations should create contracts which outline the level of security that they expect from their third parties, whether data is being managed in the cloud or on-premise. This way, when organisations get tenders for business coming through, they are assured that third parties are transparent about risk levels. Transparency is heavily encouraged by CIF as are contracts. We are delighted they are coming on board with TPAC to advocate best practice across the wider IT sector.”

Andy Burton, chairman of the Cloud Industry Forum commented: “CIF fully supports the initiative of providing a third party assurance framework to help establish trust online, and we see this as complementary to the CIF Code of Practice which was launched in 2010 to engender best practice within the Cloud Service Provider market by requiring Certification against the inter-dependent pillars of Transparency, Accountability and Capability. Both the CIF Code of Practice and the Third Party Assurance initiative have a common aim of providing end users with a frame of reference to make informed decisions in their use of online services. To that end we are keen to work alongside our industry peers to see if we can help make this a reality.”

A website will shortly be launched for the initiative under the following url: www.the-third-party-assurance-centre.com.

Related content

WEBINAR

Upcoming Webinar: Data management for ESG requirements

Date: 13 May 2021 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes Environmental, Social and Governance (ESG) investing is moving into the mainstream, requiring asset managers to develop ESG strategies that deliver for both the firm and its investors. While these strategies can outperform those that do not include ESG factors,...

BLOG

How to use the LEI to Solve your Onboarding Problems and Cut Costs

Client onboarding and lifecycle management are an ongoing problem at many financial institutions, with inefficiencies often caused by layers of technologies and processes added to capture required data and avoid fines when new rules and regulations are introduced. A solution to the problem, which could save the global banking industry billions of dollars a year...

EVENT

Data Management Summit Virtual

The Data Management Summit Virtual will bring together the global data management community to share lessons learned, best practice guidance and latest innovations to emerge from the recent crisis. Join us online to hear from leading data practitioners and innovators from the UK, US and Europe who will share insights into how they are pushing the boundaries with data to deliver value with flexible but resilient data driven strategies.

GUIDE

Regulatory Data Handbook 2019/2020 – Seventh Edition

Welcome to A-Team Group’s best read handbook, the Regulatory Data Handbook, which is now in its seventh edition and continues to grow in terms of the number of regulations covered, the detail of each regulation and the impact that all the rules and regulations will have on data and data management at your institution. This...