Compliance

Top 5 List of Risk Management Certification, Training and Association

1. Global Association of Risk Professionals (GARP)
http://www.garp.com/

The Global Association of Risk Professionals (GARP) is a not-for-profit association specializing in financial risk management. The Financial Risk Manager (FRM) program was organized in 1997 and has grown steadily and dramatically. The FRM is a comprehensive examination in both content and questions. It covers buy-side and sell-side issues as well as corporate and regulatory risk concepts, and it is not geared toward any one risk management discipline.

2. Professional Risk Managers International Association (PRMIA)
http://www.prmia.org

PRMIA (Professional Risk Managers International Association) is a non-profit professional association of risk professionals. The PRM (Professional Risk Manager) Certification is the global standard for financial risk managers. The exam consists of:
Exam I: Finance Theory, Financial Instruments and Markets (30 questions)
Exam II: Mathematical Foundations of Risk Measurement (24 questions)
Exam III: Risk Management Practices (36 questions)
Exam IV: Case Studies, PRMIA Standards of Best Practice, Conduct and Ethics (30 questions)

3. BAI Center for Certification
http://www.bai.org
Certified Risk Professional (CRP): Developed by the BAI Center for Certification, the CRP designation recognizes financial services professionals who meet a demanding set of examination, experience, education and ethical requirements.

Download Free FERC-NERC to ISO 27002 Policy Map

Download the free FERC-NERC to ISO 27002 Policy Map. This document explains how specific ISO 17799/27001 policy topics map to the cyber security requirements of the Mandatory Reliability Standards for Critical Infrastructure Protection from the Federal Energy Regulatory Commission (FERC).

SAS 70 Compliance Data Center Physical Security Checklist

Download the free SAS 70 (Statement on Auditing Standards No. 70) Data Center Physical Security Checklist. This checklist could be used to assess whether your data center already has a sufficient level of security against threats. This checklist covers access control

Download free SAS 70 Type I and Type II Compliance Procedure

This SAS 70 (Statement on Auditing Standards No. 70) Compliance Procedure could be used to help you and your company comply with the Statement on Auditing Standards. This step-by-step procedure covers SAS 70 Type I or Type II field work, for example the initial discussion between the service auditor and the service organization for the purposes of understanding the scope, timing and final deliverables of the audit.

ISO 27002 Access Control Policy Rules

Different business applications have different security requirements. These are determined by identifying all the information that the business systems are carrying and through the individual risk assessments carried out for each critical business system; these risk assessments point at who should, and should not, be allowed access to the system.

Some information required for particular business applications may be processed by people who do not need access to the application itself (the ‘need-to-know’ principle in action). An example might be in an office workflow system, where the person who inputs a supplier delivery note to a purchase and payments application does not need access to the actual accounting or payment functions of the system. Such a person would need different access rights from those required by a person who triggers actual vendor payments.
