Our regulators have requested that I create a risk analysis specific to IT. Does anyone have anything that might help me with this?

Lin, what regulation or best practice are they asking this for? I'm curious if they are citing the FACT Act.

Here's something that might help both of you. This requirement likely springs from the FFIEC's IT Handbooks, specifically the Information Security handbook. Read through the booklet and you should get a better understanding on where they are coming from and how you can go about fulfilling their requirement of a risk assessment.

If your IT auditor and/or IT department have not seen these before please share with them, these booklets are a tremendous resource.

I have done a risk assessment for our three banks for I/T. I at one time had it rolled up into the regular annual audit risk assessment but had to split it out. It attempts to cover each of the booklets of the FFIEC audit guidelines.

If you will send me your email address, I can send you a copy after I take all names and such out of it.

Could you share that with me as well? I have used the IT Risk Assessment found on BOL (which is a lot of policy audit) for 3 years and was wondering if anything else was out there. How have you addressed the response program for unauthorized access to customer information and customer notice? myates@cnbalva.com

Please feel free to download our free Customer Notification procedure and notification templates.

We'll be happy to help if you have any questions.

Do like I did ---- fill in the blanks with fictitious information

There are no cookies involved with our free download. We are a BOL-authorized vendor. We do not send spam nor do we inappropriately solicit information to those who are not interested. We offer a tremendous amount of free assistance but inevitably we are in business.

We are happy to help and answer questions and we've received very positive feedback regarding the Customer Notification templates. However, if our posting free tools in the threads (vs. Bankers Online Tools) is not generally accepted practice please let us or BOL know and we will discontinue posting the links.

Sorry for the accidental anonymous. Reposting so you know it's us.

There are no cookies involved with our free download. We are a BOL-authorized vendor. We do not send spam nor do we inappropriately solicit information to those who are not interested. We offer a tremendous amount of free assistance but inevitably we are in business.

We are happy to help and answer questions and we've received very positive feedback regarding the Customer Notification templates. However, if our posting free tools in the threads (vs. Bankers Online Tools) is not generally accepted practice please let us or BOL know and we will discontinue posting the links.

Thanks for the download.