多宝游戏下载

Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it鈥檚 official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you鈥檙e on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the 多宝游戏下载.

Information Technology - Risk Management Program Revised IT Officer's Questionnaire

Information Technology / Cybersecurity
December 4, 2007

Summary

The 多宝游戏下载 has updated its risk-focused Information Technology (IT) examination procedures for 多宝游戏下载-supervised financial institutions. As part of the revision, the IT Officer's Questionnaire was enhanced to provide greater coverage of vendor management and outsourcing topics, credit card and ACH (automated clearing house) payment system risks, and an institution's overall information security program. The revised questionnaire is attached.

Highlights

  • The IT Officer's Questionnaire is an essential element of the 多宝游戏下载's information technology examinations of 多宝游戏下载- supervised financial institutions.
  • A "Vendor Management and Service Provider Oversight" section was added to the questionnaire to reflect potential reliance on outside firms for technology-related products and services.
  • New questions were added for payment system risks, including questions relating to the Originating Depository Financial Institution (ODFI), wire transfer, credit card merchant processing, and remote deposit capture.
  • All questions now include at least one reference to existing guidance or regulations.
  • The summary section for Part 364, Appendix B, Interagency Guidelines Establishing Information Security Standards, was replaced with a reference document that maps applicable questionnaire items to the Guidelines. This reference document will assist financial institution management in conducting self-assessments of their information security programs. Evaluating compliance with the Guidelines is part of every IT examination.
  • The IT Officer's Questionnaire must be completed and signed by an executive officer of the financial institution and returned to the 多宝游戏下载 examiner-in-charge prior to the on-site portion of the examination.

Distribution

多宝游戏下载-Supervised Banks (Commercial and Savings)

Suggested Routing

  • Chief Executive Officer
  • Chief Information Officer
  • Chief Information Security Officer
  • Chief Compliance Officer

Note

多宝游戏下载 financial institution letters (FILs) may be accessed from the 多宝游戏下载's Web site at http://www.fdic.gov/news/financial-institution-letters/2007/index.html

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of 多宝游戏下载 financial institution letters may be obtained via the 多宝游戏下载's Public Information Center (1-877-275-3342 or 703-562-2200).

Additional Related Topics

  • Interagency Guidelines Establishing Information
  • Security Standards
  • Uniform Rating System for Information Technology
FIL-105-2007
Attachment(s)
Contact(s)
Donald Saxinger, (202) 898-6521

Last Updated: December 4, 2007