…at least in Georgia. The most recent Georgia State IT examinations are using a carbon copy of the FDIC 12/07 pre-examination IT questionnaire. If your primary federal regulator is the FDIC, this makes filling out the State questionnaire much easier. If not, however, you’ll want to familiarize yourself with the format.
There are 5 parts to the questionnaire:
- Risk Assessment
- Operations Security and Risk Management
- Audit/Independent Review Program
- Disaster Recovery and Business Continuity Management
- Vendor Management and Service Provider Management (newer version), or
- Gramm-Leach-Bliley Act/FDIC Rules and Regulations – 12 CFR Part 364 Appendix B (older version)
Also, we’ve definitely seen increased State examiner activity in general. I’ve seen more State exam questionnaires this month than I’ve seen in the past 4 months.
UPDATE: Add the State of Maryland to this list, with Vendor Management as Part 5.