Click to return to BOL home page
Banker Store Read A Reg Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads Background Checks BOL Conferences CrimeDex FREE Briefings Banker Tools

   

















    Site Map

    Our Sponsors

    Home





Compliance Gurus
Lending Gurus
Operations Gurus
Marketing Gurus
Technology Gurus
eBanking Gurus

Print Friendly! Email This Article! Discuss NOW!


Monitoring Service Providers
by Michael Guard

BIO AND CONTACT INFO

QUESTION: How do banks intend to monitor their service providers to confirm that they are maintaining appropriate security measures to safeguard the bank's customer information? We are looking for a practical, reasonable way to do this.

ANSWER:
The trick will be to get contracts that make your monitoring of service providers easy for you. In the long run I do not think it will be a significant problem, at least as far as service providers that do work for several banks. Specifically ask your service providers what they are going to do to aid you in your monitoring task. Smart service providers who get it will see the new requirements for information security monitoring as an opportunity to distinguish their services from competitors.

These service providers will want to adopt recognized industry best practices, or at least establish an information security program which has security levels equal to the security levels of any bank it works for. Additionally, the service provider will want to adopt a reporting program which will satisfy its most demanding bank customer. This will allow the service provider to maintain one level of security across all of its systems, one reporting cycle (hopefully at least 4 times a year) and the reports it generates for its bank customers could all be the same.

Once the service providers have time to figure out what the new Information Security Guidelines mean in regard to their relationships with their bank customers, I believe we will find most service providers offering reports which are both in quality and timeliness more than adequate to allow banks to perform their monitoring duties.

For a lot more detailed & excellent discussion of the relevant issues see:
Technology Outsourcing Information Documents from the FDIC. These include three new documents intended to assist community bankers:
  1. Effective Practices for Selecting a Service Provider,
  2. Tools to Manage Technology Providers' Performance Risk: Service Level Agreements, and
  3. Techniques for Managing Multiple Service Providers
http://www.fdic.gov/regulations/information/btbulletins/technology.html

First published on BankersOnline.com 7/2/01


Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.