An SSA is carried out by the User to identify any material increase in the security risk since the last time either a FUSA or VUSA was carried out. The assessment focuses on those areas exposed to any material increase in security risks as indicated by a User’s obligation to identify and manage risk (in accordance with G5.14).

How do I prepare?

• Submit the Book an Assessment form for review, in corroboration with the User CIO prior to presentation to the SSC.
• Refer to the list of User questions in the SCF.

A VUSA will address three key areas to determine the extent of any changes since the previous FUSA.

How do I prepare?

• Refer to the SCF Guidance and engage with SECAS and the User CIO.

A FUSA is carried out by the User CIO to assess a User’s compliance with the obligations under SEC Sections G3 to G6, in respect to its User Role. The fieldwork should take between 3 and 10 working days; however, the duration largely depends on User preparedness, the number of observations and use of Shared Resource Provider vs Bespoke User System.

How do I prepare?

• Use the SCF and engage with SECAS and the User CIO.