-
Technology Service Providers and the new SOC reports
What do all of the 2012 changes to the IT Examination Handbooks have in common? They are all, directly or indirectly, related to vendor management. I had previously identified vendor management as a leading candidate for increased regulatory scrutiny in 2012, and boy was it. (Not all of my 2012 predictions fared as well, I’ll…
-
7 Cloud Vendor Deal Breakers for Financial Institutions
With all the recent focus on vendor management in general, and cloud vendors in particular, there has been a lot of discussion about changing regulatory requirements and best practices. For the most part, cloud vendors must adhere to the same due diligence, contract, and monitoring guidelines as any other vendor However there are a few…
-
FFIEC issues Cloud Computing Guidance
Actually the document is classified as “for informational purposes only”, which is to say that it is not a change or update to any specific Handbook and presumably does not carry the weight of regulatory guidance. However, it is worth a read by all financial institutions outsourcing services because it provides reinforcement for, and references…
-
NIST releases new Cloud Computing Guidelines
Although not specific to the financial industry, the new guidelines provide a comprehensive overview of the privacy and security challenges of this increasingly popular computing model. It’s worth a look by both financial institutions considering cloud-based services, as well as service providers, because NIST guidelines often wind up as the basis for new or updated…