Summary:
The Federal Financial Institutions Examination Council (FFIEC) has issued an appendix to the Business Continuity Planning (BCP) booklet of the FFIEC Information Technology Examination Handbook entitled "Strengthening the Resilience of Outsourced Technology Services." The booklet is part of the IT Examination Handbook series and provides guidance to assist examiners in evaluating the risk management processes of financial institutions and service providers to ensure the availability of critical financial services.
Statement of Applicability to Institutions With Total Assets Under $1 Billion: This Financial Institution Letter applies to all FDIC-supervised financial institutions.
Highlights:
- Appendix J of the BCP Booklet discusses the following four key elements of BCP that a financial institution should address to ensure that their technology service providers (TSPs) are providing resilient technology services:
- Third-Party Management.
- Third-Party Capacity.
- Testing with Third-Party TSPs.
- Cyber Resilience.
- An electronic version of the booklet, as well as an FFIEC press release announcing the booklet, is available at http://www.ffiec.gov/press.htm .
Distribution:
- FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
- Chief Executive Officer
- Chief Information Officer
- Chief Information Security Officer
Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).
Additional Related Topics:
- FFIEC IT Examination Handbook