Wow! That is a tall order! Off the top of my head, I'd say you should consider changes to risks in at least the following areas:
* Data recovery/continuity/redundancy risks
* Physical security of the host and peripherals
* Interoperability with existing network infrastructure
* Access to, and/or escrow of, core application source code
* Logical security of the host OS and core application
* Admin and user knowledge/expertise
* Additional audit requirements
* Change and patch management
* Vendor stability, helpdesk availability, ability to maintain product, ability to meet future needs of your bank, etc.
That is a start, anyway. If you would like more ideas, please let me know via PM or email. Thanks!
Last edited by Vini Vidi Suasi; 09/03/09 03:18 PM.