The goal was to create consistent standards for use in evaluating the controls that outsourcing vendors use to protect sensitive data, said Faith Boettger, a senior consultant at BITS, the technology arm of the Washington-based Financial Services Roundtable.

The standards are now available to the financial services community, following a trial of the program undertaken by five service providers, including IBM, Acxiom Corp. and First Data Corp.

The standards program, called the Financial Institution Shared Assessments Program, was developed by BITS, Bank of America Corp., The Bank of New York Co., Citigroup Inc., JPMorgan Chase & Co., U.S. Bancorp and Wells Fargo & Co. Accounting firms Deloitte & Touche LLP, KPMG International, PricewaterhouseCoopers and Ernst & Young International serve as technical advisers for the program.

The guidelines can be used to evaluate an outsourcer's controls for access, asset classification, personnel security, physical and environmental security, communications, business continuity and regulatory compliance, Boettger said.

The group expects that the standards will result in improved security and risk-management practices, she said. The program will also give auditing firms standard criteria for measuring the security practices of different service providers, she added.