SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE ( ) ON THIRD PARTY RELATIONSHIPS
An overview of how the Shared Assessments Program SIG 2014 aligns with the Risk Management Guidance issued by the Office of the Comptroller of the Currency (OCC) dated October 30, 2013.

SIG 2014 tab and question references from the mapping are shown in square brackets after the OCC item they are tied to; where the mapping gives references for a section as a group, they appear under "SIG references for this section".

OCC GUIDANCE

I. Strategies and Goals
- Review the third party's overall business strategy and goals to ensure no conflict with those of the organization.
- Consider how the third party's current and proposed strategic business arrangements (such as mergers, acquisitions, divestitures, joint ventures, joint marketing initiatives) may affect the activity.
- Consider reviewing the third party's service philosophies.
- Consider reviewing the third party's quality initiatives.
- Consider reviewing the third party's efficiency improvements.
- Consider reviewing the third party's employment policies and practices.
SIG references for this section: Tab I: Information Systems Application Development and Maintenance; Tab I: Information Systems Application Development and Maintenance; Tab E: Human Resources Security (for employment policies and practices).

II. Legal and Regulatory Compliance
- Evaluate the third party's legal and regulatory compliance program.
- Determine whether the third party has the necessary licenses to operate. [Tab D: Asset Management (D.1.2 Software Licenses)]
- Determine whether the third party has the necessary expertise, processes, and controls to enable the bank to remain compliant with domestic and international laws and regulations. [Tab L: Compliance (L.4); Tab C: Organizational Security]
- Check compliance status with regulators. [Tab L: Compliance (L.2)]
- Check compliance status with self-regulatory organizations. [Tab L: Compliance (L.2)]

III. Financial Condition
- Assess the third party's financial condition.
- Perform reviews of the third party's audited financial statements.
- Evaluate growth, earnings, unfunded liabilities, and other factors that may affect the third party's overall financial stability.
- Review for any pending litigation. [Tab B: Business Information (B.17-B.18)]

IV. Business Experience and Reputation
- Evaluate the third party's depth of resources and previous experience providing the specific activity.
- Assess the third party's reputation, including history of customer complaints.
- Assess the third party's reputation, including history of litigation. [Tab B: Business Information (B.17-B.18)]
- Determine how long the third party has been in business. [Tab B: Business Information (B.16)]
- Determine the market share for the activities.
- Determine whether there have been significant changes in the activities offered or in its business model.
- Reference checks with industry associations, the Better Business Bureau, the Federal Trade Commission, state attorneys general offices, state consumer affairs offices, and similar foreign authorities.
- Check U.S. Securities and Exchange Commission (SEC) or other regulatory filings.
- Review the third party's websites and other marketing materials to ensure that statements and assertions are in line with the bank's expectations and do not overstate or misrepresent activities and capabilities.
- Determine whether and how the third party plans to use the bank's name and reputation in marketing efforts. [Privacy Policies]

V. Fee Structure and Incentives
- Evaluate the third party's normal fee structure and incentives for similar business arrangements and determine whether the fee structure and incentives would create burdensome upfront fees or result in inappropriate risk taking by the third party or the bank.

VI. Qualifications, Backgrounds, and Reputations of Company Principals
- Ensure the third party periodically conducts thorough background checks on its senior management. [Not addressed in SIG (1)]
- Ensure the third party periodically conducts thorough background checks on its employees. [Tab E: Human Resource Security (E.2 Background Checks Prior to Employment) (2)]
- Ensure the third party periodically conducts thorough background checks on its subcontractors. [Not addressed in SIG (3)]
- Ensure that third parties have policies and procedures in place for removing employees who do not meet minimum background check requirements. [Tab E: Human Resource Security (E.7 Constituent Termination Process)]

(1) SIG 2015 also addresses background checks of senior management.
(2) SIG 2015 will also include periodic background checks during employment tenure.
(3) SIG 2015 will include periodic background checks of subcontractors.
The new version of the Shared Assessments Program Tools, including SIG 2015, will be released January

VII. Risk Management
- Evaluate the effectiveness of the third party's risk management program, including policies, processes, and internal controls.
- Performs internal audit function independently. [Tab L: Compliance (L.11)]
- Third party effectively tests and reports on internal controls. [Tab L: Compliance (L.3; L.4; L.7-L.13)]
- Process for escalating, remediating, and holding management accountable for concerns identified during audits or independent tests.
- Review any certification or assessments by independent third parties for compliance with risk control standards.
- Certification by independent third parties for compliance with domestic or international internal control standards (e.g., the National Institute of Standards and Technology and the International Standards Organization).
SIG references for this section: Tab L: Compliance (L.7; L.8; L.11; L.13); Not addressed in SIG (4).

(4) SIG 2015 will include certifications by independent third parties in the Business Information and Documentation Tabs.

VIII. Information Security
- Assess the third party's information security program.
- Determine whether the third party has sufficient experience in identifying, assessing, and mitigating known and emerging threats and vulnerabilities.
- When technology is necessary to support service delivery, assess the third party's infrastructure and application security programs.
- When technology is necessary to support service delivery, assess the third party's software development lifecycle.
- When technology is necessary to support service delivery, assess the third party's results of vulnerability and penetration tests.
- Evaluate the third party's ability to implement effective and sustainable corrective actions to address deficiencies discovered during testing. [Development & Maintenance (I.5)]
SIG references for this section: Tab B: Security Policy (B.1); Development & Maintenance (I.1, I.2, I.3, I.4, I.5); Tab B: Security Policy (B.1); Development & Maintenance; Development & Maintenance (I.2.7); Tab G: Communications and Operations Management (G.10); Development & Maintenance (I.3.2).

IX. Management of Information Systems
- Gain a clear understanding of the third party's business processes and technology that will be used to support the activity.
- Review the third party's processes for maintaining accurate inventories of its technology and its subcontractors.
- Assess the change management process to ensure that clear roles, responsibilities, and segregation are in place.
- Understand the third party's performance metrics for its information systems and ensure they meet the bank's expectations.
SIG references for this section: Tab D: Asset Management; Tab C: Organizational Security (C ); Tab G: Communications and Operations Management (G.2).

X. Resilience
- Assess the third party's ability to respond to service disruptions or degradations resulting from natural disasters, human error, or intentional physical or cyber attacks.
- Determine whether the third party maintains disaster recovery and business continuity plans that specify the timeframe to resume activities and recover data.
- Review the third party's telecommunications redundancy and resilience plans.
- Ensure the third party's redundancy and resilience plans include preparations for known and emerging threats and vulnerabilities (wide-scale natural disasters, distributed denial of service attacks, or other intentional or unintentional events).
- Review results of business continuity testing and performance during actual disruptions.
SIG references for this section: (K.3.2, K.3.3); (K ); (K.1.2.1).

XI. Incident Reporting and Management Programs
- Review the third party's incident reporting and management programs to ensure there are clearly documented processes and accountability for identifying, reporting, investigating, and escalating incidents.
SIG references for this section: Tab J: Incident Event and Communications Management; Tab B: Security Policy (B.1.29).

XII. Physical Security
- Evaluate whether the third party has sufficient physical and environmental controls to ensure the safety and security of its facilities, technology systems, and employees.
SIG references for this section: Tab F: Physical and Environmental Security.

XIII. Human Resources Management
- Review the third party's program to train and hold employees accountable for compliance with policies and procedures.
- Review the third party's succession and redundancy planning for key management and support personnel.
SIG references for this section: Tab E: Human Resources Security (E.3-E.6).

XIV. Reliance on Subcontractors
- Evaluate the volume and types of subcontracted activities. [Tab C: Organizational Security (C.2)]
- Evaluate the subcontractors' geographic locations.
- Quality control: assessment, monitoring, and mitigation of risk from the use of subcontractors. [Tab C: Organizational Security (C.2)]

XV. Insurance Coverage
- Verify that the third party has fidelity bond coverage attributable to dishonest acts.
- Verify that the third party has liability coverage for losses attributable to negligent acts.
- Verify that the third party has hazard insurance covering fire, loss of data, and protection of documents.
- Determine whether the third party has insurance coverage for its intellectual property rights, as such coverage may not be available under a general commercial policy.
For each of the above, the amounts of such coverage should be commensurate with the level of risk involved with the third party's operations and the type of activities to be provided.
SIG references for this section: Tab D: Asset Management (D.3 refers broadly to coverage for business interruption or general services interruption, and to products and services), given twice.

XVI. Conflicting Contractual Arrangements with Other Parties
- Obtain information regarding legally binding arrangements with subcontractors or other parties in cases where the third party has indemnified itself, as such arrangements may transfer risks to the bank. [Tab C: Organizational Security (C )]
- Evaluate the potential legal and financial implications to the bank of these contracts between the third party and its subcontractors or other parties. [Tab C: Organizational Security (C )]
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationRogers Insurance Client Presentation
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com
More informationMazzone & Associates, Inc.
Mazzone & Associates, Inc. Business Continuity Plan (BCP) Introduction. As a result of our ever-changing and evolving world, it has become necessary for firms in the financial services industry to take
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationBERNARD HEROLD & CO., INC. BUSINESS CONTINUITY PLAN
BERNARD HEROLD & CO., INC. BUSINESS CONTINUITY PLAN Revised May 2015 Reviewed and approved by Lawrence Herold TABLE OF CONTENTS I Emergency Contact Persons 3 II Firm Policy 3 III Business Description 4
More informationBusiness Continuity Plan (BCP)
Business Continuity Plan (BCP) I. Emergency Contact Persons Our firm s two emergency contact persons are: Jay McAnelly, jay.mcanelly@invpro.com, 210-386-5468 and Richard Dullnig, richard.dullnig@invpro.com
More informationTHIRD PARTY SUPPLIER RISK MANAGEMENT. Meeting Emerging Financial Services Regulatory Requirements. By Joseph Yacura, ISG Director. www.isg-one.
THIRD PARTY SUPPLIER RISK MANAGEMENT Meeting Emerging Financial Services Regulatory Requirements By Joseph Yacura, ISG Director www.isg-one.com INTRODUCTION U.S. and Canadian financial services companies
More informationBusiness Continuity Plan Template for Small Introducing Firms. [Firm Name] Business Continuity Plan (BCP)
Business Continuity Plan Template for Small Introducing Firms [Firm Name] Business Continuity Plan (BCP) Updated May 12, 2010 This optional template is provided to assist small introducing firms in fulfilling
More informationHow To Assess A Critical Service Provider
Committee on Payments and Market Infrastructures Board of the International Organization of Securities Commissions Principles for financial market infrastructures: Assessment methodology for the oversight
More informationConsultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions
Committee on Payment and Settlement Systems Board of the International Organization of Securities Commissions Consultative report Principles for financial market infrastructures: Assessment methodology
More informationBy: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015
Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool
ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationVII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background
Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party
More informationSecureVest Financial Group, Inc. Argentis Advisors Business Continuity Plan (BCP)
SecureVest Financial Group, Inc. Argentis Advisors Business Continuity Plan (BCP) I. Emergency Contact Persons August, 2015 Our firm s three (3) emergency contact persons are August Cellitti (973) 723-9078,
More informationASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10
BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they
More informationBusiness Continuity Plan Template for Introducing Brokers. [Firm Name] Business Continuity Plan (BCP)
Business Continuity Plan Template for Introducing Brokers [Firm Name] Business Continuity Plan (BCP) This template is provided as an optional guide to small introducing firms to assist them in fulfilling
More informationBusiness Continuity Plan (BCP)
Business Continuity Plan (BCP) I. Emergency Contact Persons Our firm's emergency contact person is: David Kassir, President (703) 533-0030, dkassir@mannacapitalmanagement.com. These names will be updated
More information