| Home > Banking > Supervision and Regulation |
 |
|
| Circular |
|
|
FFIEC Issues Guidance on Information Technology Management and Outsourcing Technology Services
|
|
|
July 20, 2004
|
|
| Circular No. 11624 | |
|
To All Depository Institutions and Others Concerned in the Second Federal Reserve District: The Federal Financial Institutions Examination Council (FFIEC) has issued revised guidance for examiners, financial institutions, and technology services providers on two topics: managing financial institutions’ information technology (IT) activities and outsourcing technology services. The Management Booklet provides guidance on the risks and risk-management practices applicable to financial institutions’ information technology activities. Sound IT management is critical to the performance and success of a financial institution. The board of directors and executive management should understand and take responsibility for IT management as a critical component of their overall strategic planning and corporate governance efforts. The Outsourcing Technology Services Booklet provides guidance on the risks and risk-management practices applicable to financial institutions' outsourcing IT activities, including service provider selection, contract issues, and ongoing monitoring of the relationship. The booklet also includes guidance on the risks and risk-management issues unique to foreign service providers. Outsourcing of an activity does not relieve management and the board of directors of their responsibility to ensure the institution’s data is processed in a secure environment and the integrity of the data is maintained. Thus, ongoing monitoring of the relationship is crucial to ensure key terms of service level agreements are followed, confidentiality of information is safeguarded, and the service provider maintains operational stability. The booklets are being distributed electronically and are available at the FFIEC website. FFIEC press release Contact:
Contact: |
