Answer:
It's difficult for anyone to tell you what your RFP should include, because by its very nature an RFP is specific to your needs and requirements. As a general starting point, I'd want the IT risk assessment to fall in line with the FFIEC and functional regulator guidance on IT matters and I'd want the assessment to be based on a standard framework (like COBIT). I'd want to know what framework was being proposed and why.
First published on BankersOnline.com 7/09/07