Skip Repetitive LinksFederal Financial Institutions Examination Council Logo linking back to the home page.
 
What's New
About the FFIEC
Press Releases
Reports
Reporting Forms
Handbooks & Catalogues
Enforcement Actions
and Orders
On-line Information Systems
 

Other FFIEC Sites
Examiner Education Office
Appraisal Subcommittee
HMDA
CRA
Financial Institution Call Report Data
 

Press Releases

Image of FFIEC logo.
Federal Financial Institutions Examination Council
Press Release
For Immediate Release January 29, 2003

FEDERAL FINANCIAL REGULATORS RELEASE INFORMATION SECURITY BOOKLET,
FIRST IN A SERIES

The Federal Financial Institutions Examination Council today issued revised guidance for examiners and financial institutions to use in identifying information security risks and evaluating the adequacy of controls and applicable risk management practices of financial institutions.

The safety and soundness of the federal financial industry and the privacy of customer information depend on the security practices of banks, thrifts and credit unions. The Information Security Booklet describes how an institution should protect and secure the systems and facilities that process and maintain information. The booklet calls for financial institutions and technology service providers (TSPs) to maintain effective security programs, tailored to the complexity of their operations.

Today's guidance is the first in a series of updates to the 1996 FFIEC Information Systems (IS) Examination Handbook. These updates will address significant changes in technology since 1996 and incorporate a risk-based examination approach.

The FFIEC currently plans to issue the updates in separate booklets that will ultimately replace all chapters of the 1996 Handbook and comprise the new FFIEC Information Technology (IT) Examination Handbook. In addition to the booklet on information security issued today, future booklets will address business continuity planning, supervision of technology service providers, electronic banking, IT audit, payment systems, outsourcing, IT management, computer operations, and systems development and acquisition.

The FFIEC agencies plan to distribute these booklets electronically to financial institutions and TSPs. The documents will be available on the Internet through the FFIEC's InfoBase application. InfoBase will include each booklet in Adobe Acrobat PDF file format, as well as an online version with links to various resource materials, and an orientation to the handbook update process.

The electronic version of the Information Security Booklet is available at www.ffiec.gov/guides.htm.

The FFIEC is composed of the five federal financial regulators: Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, the Office of the Comptroller of the Currency and the Office of Thrift Supervision.

Media Contacts:

OTS Chris Smith 202-906-6677
FRB Susan Stawick 202-452-3128
FDIC David Barr 202-898-6992
NCUA Cherie Umbel 703-518-6337
OCC Dean DeBuck 202-874-4876

Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision

 

-HOME-

Note: Many of the documents available on-line are in Adobe Portable Document Format (PDF). Please visit our PDF help page for more information.

Maintained by the FFIEC. All suggestions regarding this site may be forwarded via e-mail to ffiec-suggest@frb.gov.
Last update: 10/13/2004 10:06 AM