Compliance Guru • FFIEC Guidance
Pandemic Testing and the BCP
By The Safe Systems Compliance Team | In Ask the Guru

Hey Guru! We finished an FDIC exam earlier this year, and in the IT portion they hit us on our pandemic plan saying it “needed improvement.” Here is the actual finding: Management should improve the pandemic plan within the Business Continuity Plan. The pandemic plan has no defined action plan, nor has it been tested. […]

Ask the Guru: Is it Legal to Share Exam Findings?
By The Safe Systems Compliance Team | In Ask the Guru

Hey Guru! We contracted with Safe Systems to help remediate exam findings, but we were told by the examiner that we are not allowed to share examination findings “under penalty of law”. How do we share this critical information with you without getting into legal trouble? Thanks for the question, here is where this issue […]

Ask the Guru: Addressing BCP and Incident Response in Vendor Contracts
By The Safe Systems Compliance Team | In Ask the Guru

Hey Guru! I’m looking at an FIL that came out recently (FIL-19-2019), and trying to figure out how to react to it. In your opinion, how do we “ensure that business continuity and incident response risks are adequately addressed” in our contracts? We do get copies of their BCP/IRP plans and their insurance, and we […]

Misuse, Denied Access, and Incident Response
By The Safe Systems Compliance Team | In Hot Topics

It may be a good time to review your Incident Response Plan and determine if additional clarification regarding the term “misuse” should be added to incorporate denial of access to information. The FFIEC Information Technology Examination Handbook for Information Security was published in September 2016 and refers to misuse as “attacks from within the organizations”. […]

Asset Lifecycle Management
By The Safe Systems Compliance Team | In From the Field

Since both Windows 7 and Server 2008 R2 will reach end-of-life support in January of 2020, many organizations have already made the jump to Windows 10 and Windows Server 2012, 2016, 2019, or Azure. If you have full control over the asset lifecycle management process for your financial institution you may have already completed this […]

Ask the Guru: GDPR
By The Safe Systems Compliance Team | In Ask the Guru

Hey Guru! I have heard a lot about GDPR recently, but I am not terribly familiar with it. I already break my back to stay in compliance with FFIEC guidance. Do I have anything more to worry about here? GDPR has certainly been in the news for the past few months as implementation was required […]

Ask the Guru: A Prospective Vendor Either Won’t or Can’t Provide the Documentation We Need. What Should We Do?
By The Safe Systems Compliance Team | In Ask the Guru

Hey Guru! We’re doing our due diligence on a new HR software package. We’ve requested the vendor’s financials and a SOC 2 report, but they told us they don’t provide financials (they are privately held), and their SOC 2 won’t be completed until the end of the year. They do have a SOC 1. What […]

FFIEC Issues Joint Statement on Cyber Insurance
By The Safe Systems Compliance Team | In Hot Topics

The statement is here, and is intended to provide additional awareness about the possible use of cyber insurance to offset financial losses resulting from cyber incidents. Here are a few high-level observations: First of all, we’ve seen several announcements from various organizations stating that “the FFIEC has released new guidance…”. The statement makes it clear […]

Cybersecurity – Beyond the Assessment
By The Safe Systems Compliance Team | In Hot Topics

The FFIEC Cybersecurity Assessment Tool has been out since 2015, and by now almost all financial institutions have completed it at least once, some as many as 3-4 times. Although most of the examiner feedback we’ve gotten indicates that simply completing it is all regulators are looking for at this time, the FFIEC made it clear […]

FFIEC Cybersecurity Assessment Tool Update
By The Safe Systems Compliance Team | In Hot Topics

The FFIEC recently released a long-awaited update to the Cybersecurity Assessment Tool, and we think overall it is a relatively minor but useful evolution. But before we get into the details of what the update does address, it’s important to note that it did not address the ambiguity issues that plague the current assessment. One […]