-
SOC Report Selection & Evaluation Aids
With the SAS 70 phasing out on 6/15, financial institutions have a dual challenge: determining the best report to request, and evaluating the report they are provided. To assist with this challenge, I’ve created two documents. The first, or Step 1, is a SOC Selection Flowchart, which is available here. This will assist in determining…
-
Third-Party Risk Management Final Guidance – An In-depth Analysis
Background: In July of 2021, the three primary bank regulators (OCC, FDIC, and Federal Reserve) proposed new guidance on third-party risk management (TPRM). According to the agencies, “The proposed guidance provides a framework based on sound risk management principles that banking organizations may use to address the risks associated with third-party relationships.” In June of…
-
Is It Time to Take the CAT to the Vet?
How a New Framework Can Improve Cybersecurity Assessments in Financial Institutions. In the age of digital banking, maintaining robust cybersecurity risk assessments and control reviews is paramount to protecting sensitive data from potential threats, and passing rigorous IT audits and examinations. Historically, a key tool in the arsenal has been the Cybersecurity Assessment Tool (CAT)…
-
The State of the (Credit) Union According to the NCUA Chairman
Last month, NCUA chairman Todd M. Harper delivered his “State of the (Credit) Union” during the 2023 Governmental Affairs Conference. Harper covered multiple areas of interest to credit unions including: But in this post, we’ll focus on 3 topics directly related to information security: cybersecurity risk, the need for centralized vendor authority, and Fintechs. The…
-
Have There Been Any Official Board Reporting Updates to the FFIEC InfoSec Handbook since 2016?
Hey Guru! Do you have any additional blogs about FDIC changing the annual IT report to the board? I saw the article from 2012 and was wondering if there are any updates to that. Has the FFIEC updated its Information Security IT Handbook after 2016 in regard to this subject? Thank you, Lynn
Hi Lynn, and thanks…