Skip to content

Issuing an RFP for Risk Assessment Services

Answered by: 

Question: 
I need to issue an RFP for IT risk assessment consultancy services. What should be the scope and detail covered by the RFP?
Answer: 

It's difficult for anyone to tell you what your RFP should include, because by its very nature an RFP is specific to your needs and requirements. As a general starting point, I'd want the IT risk assessment to fall in line with the FFIEC and functional regulator guidance on IT matters and I'd want the assessment to be based on a standard framework (like COBIT). I'd want to know what framework was being proposed and why.

First published on BankersOnline.com 7/09/07

First published on 07/09/2007

Filed under: 
Filed under technology as: 

Search Topics