Federal Financial Institutions Examination Council (FFIEC) IT Reviews
The primary objective in conducting an FFIEC IT review for an institution is to gain an understanding of the Financial Institution’s (FI) information systems, to evaluate the security systems in place, to determine the effectiveness of the FI’s Gramm-Leach-Bliley Act (GLBA) compliance controls and procedures and the overall adequacy of established internal controls.
The IT Systems review takes into consideration the guidelines and standards set forth in the joint regulatory FFIEC EDP Examination Handbook and the related requirements of all FI regulatory agencies related to the security of any FI’s IT system. In addition, we have included sections with procedures covering information security related to E-Banking, FedLine security access (wire transfer), Automated Clearing House (ACH), NACHA rules compliance, website compliance, business disaster recovery, social engineering and a “white hat” external penetration test.
Our comprehensive FFIEC IT reviews include, but are not limited to, the following key areas:
- Management and administration of IT systems
- Internal IT risk assessment and evaluation
- Access rights controls and authentication
- Network security
- Host security
- User equipment security
- Physical security (to include all branch locations)
- Personnel security
- Application security
- Software development and acquisition
- Business continuity – security
- Service provider oversight – security
- Encryption
- Data security
- Security monitoring (IDS/IPS)
- E-banking
- FedLine access/wire transfers
- Social engineering
- External penetration test
- Automated clearing house (ACH) and NACHA – security
- Identity Theft “Red Flags”
- Website compliance
Our comprehensive audit scope will meet your institution’s regulatory compliance needs. Contact us today to see how we can help your institution stay compliant.