The Federal Financial Institutions Examination Council (FFIEC) is a council of five banking regulators that has released guidelines to ensure that financial institutions comply with laws and regulations.
The guidelines are separated into 11 IT Examination Booklets and cover the following topics:
- Business Continuity Planning
- Development and Acquisition
- Information Security
- Outsourcing Technology Services
- Retail Payment Systems
- Supervision of Technology Service Providers
- Wholesale Payment Systems
An institution's compliance with the FFIEC guidelines is determined through comprehensive assessments of its operations and security risks. Risks and threats should be identified, and mitigations should be implemented. Risk assessments should be performed both continuously and periodically.
Who does it apply to?
FFIEC compliance applies to financial institutions and providers of services to these institutions that handle financial or consumer data.
How can GoldSky support you with your FFIEC compliance needs?
- GoldSky can assess the current state of a financial organization's IT operations and identify gaps against the prescribed FFIEC guidelines on all 11 topics. If gaps or deficiencies are identified, GoldSky can put together a plan for the required mitigations and implement them.
- GoldSky can develop and maintain the risk assessment and risk management documentation required for compliance.
“We could not be more pleased with our partnership with GoldSky Security. The experience and professionalism from your team have exceeded our expectations from day one. Your team was on-site within a week of our initial call. We appreciate the responsiveness and expertise you provided in performing our NIST 800-171 Gap Assessment and now CSOaaS program. Having an On-Demand CSO partner to assist us in building a sound cybersecurity program while maintaining NIST 800-171 compliance has proven to be both efficient and cost-effective. Thanks!”