The Federal Financial Institutions Examination Council, of which the NCUA is represented, issued a new booklet in its FFIEC Information Technology Examination Handbook series, “Architecture, Infrastructure, and Operations.”
The new booklet, which replaces the “Operations” booklet issued in July 2004, provides expanded guidance to help financial institution examiners assess the risk profile and adequacy of an entity’s information technology architecture, infrastructure and operations, according to the NCUA.
The booklet also discusses the interconnectedness among an entity’s assets, processes and third-party service providers, along with the principles, processes, potential threats and examination procedures to help examiners assess whether a financial entity’s management adequately addresses risks and complies with applicable laws and regulations.
The NCUA stated that the new booklet also highlights the importance of providing current information to examiners reviewing an entity’s information management practices pertaining to safety and soundness, consumer protection and provision of secure and resilient business services to customers.
The complete handbook is available on the FFIEC website.