IT Risk Management Compliance
Manage your security threats and exposures
Security is the single most important concern on the minds of financial institution executives today. Regulators require institutions to have a formal information security risk plan in place to protect from hackers and other potential business interruptions. We help your institution identify, assess, measure, and manage risk in all areas of information technology risk. New FFIEC and Interagency Guidelines are placing ever increasing pressure on financial institutions to ensure that processes, procedures and policies are implemented in order to protect key information assets and customer information. As an industry leader in IT Risk Management and Compliance services, SCS provides a set of integrated services to help institutions meet the dual challenge of addressing threats/vulnerabilities and meeting compliance demands. Working with our Technology group, you receive expert assistance with the implementation of the processes and controls required to ensure continued measurement and monitoring of potential risk.
IT Auditing—Our Certified Information Systems Auditors (CISA) take a proactive approach with our clients through reviews of existing Information Technology (IT) operations, policies, procedures and controls. IT Audits are conducted in strict accordance with the Federal Financial Institutions Examination Council (FFIEC) Information Systems Examination Handbooks and other applicable financial institution requirements and guidelines. The scope of the audit includes reviews of the following areas:
- Status of Findings from Previous Examinations
- IT Organization Structure and Board/Management Oversight
- Network and End-User Computing
- IT Risk Management
- Information Security Program (includes GLBA 501b related requirements)
- Electronic Banking and Web site
- Disaster Recovery and Business Continuity Planning
- Information Technology Policies & Procedures
IT Risk Assessment — to fully meet the challenges of the new FFIEC guidelines, SCS performs a complete assessment of all operational processes and activities to identify threats, vulnerabilities and exposures to customer and confidential information.
External Vulnerability Assessment — designed to test your external IT defenses against potential attacks.
Information Security Compliance Assessment — an analysis of your institutions regulatory compliance with policy and procedure for one or more of GLB, SOA, Patriot Act, and/or FFIEC Guidelines (Information Security, Business Continuity, IT Audit, Electronic Banking, and FedLine) and the development of an Information Security Testing Plan.
IT Security Management Consulting — leveraging our knowledge and experience in developing an effective and affordable secure environment for your networks.
Business Continuity and Disaster Recovery Planning — assisting our clients in addressing the new requirements outlined in the FFIEC’s Business Continuity Planning Booklet.
Internet Banking Risk Assessment — a comprehensive evaluation of your institution’s technical controls and procedures protecting Internet Banking computer systems, perimeter and internal security including authentication.