Security Assessment Process » FAQ Categories »

What is a Security Self-Assessment (SSA)?

An SSA is carried out by the User to identify any material increase in the security risk since the last time either a FUSA or VUSA was carried out. The assessment focuses on those areas exposed to any material increase in security risks as indicated by a User’s obligation to identify and manage risk (in accordance with G5.14).

How do I prepare?

  • Submit the Book an Assessment form for review, in corroboration with the User CIO prior to presentation to the SSC.
  • Refer to the list of User questions in the SCF.

What is a Verification User Security Assessment (VUSA)?

A VUSA will address three key areas to determine the extent of any changes since the previous FUSA.

How do I prepare?

  • Refer to the SCF Guidance and engage with SECAS and the User CIO.

What is a Full User Security Assessment (FUSA)?

A FUSA is carried out by the User CIO to assess a User’s compliance with the obligations under SEC Sections G3 to G6, in respect to its User Role. The fieldwork should take between 3 and 10 working days; however, the duration largely depends on User preparedness, the number of observations and use of Shared Resource Provider vs Bespoke User System.

How do I prepare?

  • Use the SCF and engage with SECAS and the User CIO.