The FFIEC details what your IT program must include, what it is required to mitigate, and what it expects to ensure ongoing vendor due diligence. No doubt outsourcing critical functions to third-party vendors delivers heightened operational risk and commensurate examiner scrutiny. The FFIEC’s “Outsourcing Technology Services” booklet provides guidance financial institutions should follow “to establish, manage, and monitor IT outsourcing relationships.” This webinar will provide an overview of governing regulations, examiner expectations, and best-practice vendor management sustained governance.
Recorded Wednesday, March 23, 2016
Continuing Education: Attendance verification for CE credits upon request
- Examiner expectations measured against the FFIEC’s Outsourcing Technology Services Appendix B: Laws, Regulations, and Guidance
- Overview and high-level breakdown of the FFIEC’s new Business Continuity Planning Appendix J: Strengthening the Resilience of Outsourced Technology Services
- Effective board and senior management framework to identify, measure, monitor, and mitigate risks associated with outsourcing tech services
- Importance of recovery time objectives (RTOs) and recovery point objectives (RPOs) within service level agreements enumerated in third-party technology contracts
- FFIEC Cybersecurity Assessment Tool’s Domain 4: External Dependency Management
- TAKE-AWAY TOOLKIT
- Sample vendor management policy, expanded procedures, and annual due diligence checklist
- FFIEC Information Technology Examination Management Handbook (November 2015)
- Links to the FFIEC’s:
- Outsourcing Technology Services IT Booklet
- Appendix B: Laws, Regulations, and Guidance
- Appendix J: Strengthening the Resilience of Outsourced Technology Services
- Employee training log
- Quiz you can administer to measure staff learning and a separate answer key
WHO SHOULD ATTEND?
This informative session is designed for board members, senior management, audit and/or supervisory committee members, and risk, compliance, audit, information security, and vendor management personnel.
Webinar content is subject to copyright and intended for your individual financial institution’s use only.