Skip to content

Monitoring Service Providers

Answered by: 

Question: 
How do banks intend to monitor their service providers to confirm that they are maintaining appropriate securitymeasures to safeguard the bank's customer information? We are looking for a practical, reasonable way to do this.
Answer: 

The trick will be to get contracts that make your monitoring of service providers easy for you. In the long run I do not think it will be a significant problem, at least as far as service providers that do work for several banks. Specifically ask your service providers what they are going to do to aid you in your monitoring task. Smart service providers who get it will see the new requirements for information security monitoring as an opportunity to distinguish their services from competitors.

These service providers will want to adopt recognized industry best practices, or at least establish an information security program which has security levels equal to the security levels of any bank it works for. Additionally, the service provider will want to adopt a reporting program which will satisfy its most demanding bank customer. This will allow the service provider to maintain one level of security across all of its systems, one reporting cycle (hopefully at least 4 times a year) and the reports it generates for its bank customers could all be the same.

Once the service providers have time to figure out what the new Information Security Guidelines mean in regard to their relationships with their bank customers, I believe we will find most service providers offering reports which are both in quality and timeliness more than adequate to allow banks to perform their monitoring duties.

For a lot more detailed & excellent discussion of the relevant issues see:
Technology Outsourcing Information Documents from the FDIC. These include three new documents intended to assist community bankers:

  1. Effective Practices for Selecting a Service Provider,
  2. Tools to Manage Technology Providers' Performance Risk: Service Level Agreements, and
  3. Techniques for Managing Multiple Service Providers

http://www.fdic.gov/regulations/information/btbulletins/technology.html

First published on BankersOnline.com 7/2/01

First published on 07/02/2001

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics