-
The OCC Sets a New Standard for Vendor Management…
…but will it become the new standard for institutions with other regulators? UPDATE – The answer is yes, at least for the Federal Reserve. Readers of this blog know that I’ve been predicting an increase in vendor management program scrutiny since early 2010. And although the FFIEC has been very active in this area, issuing […]
-
Data Classification and the Cloud
UPDATE – In response to the reluctance of financial institutions to adopt cloud storage, vendors such as Microsoft and HP have announced that they are building “hybrid” clouds. These new models are designed to allow institutions to simultaneously store and process certain data in the cloud, while a portion of the processing or storage is done […]
-
Ask the Guru: Vendor vs. Service Provider
Hey Guru, I recently had an FDIC examiner tell me that we needed to make a better distinction between a vendor and a service provider. His point seemed to be that by lumping them together in our vendor management program we were “over-analyzing” them. He suggested that we should be focused instead only on those few […]
-
Incident Response in an Outsourced World
UPDATE – On June 6th the FFIEC formed the Cybersecurity and Critical Infrastructure Working Group, designed to enhance communications between and among the FFIEC member agencies as well as other key financial industry committees and councils. The goal of this group will undoubtedly be to increase the defense and resiliency of financial institutions to cyber […]
-
Technology Service Providers and the new SOC reports
What do all of the 2012 changes to the IT Examination Handbooks have in common? They are all, directly or indirectly, related to vendor management. I had previously identified vendor management as a leading candidate for increased regulatory scrutiny in 2012, and boy was it. (Not all of my 2012 predictions fared as well, I’ll […]