Information Security

This topic contains guidance regarding the adequacy of financial organizations’ information security systems. Information security is the process by which an organization protects and secures its systems, media, and facilities that process and maintain information vital to its operations. On a broad scale, the financial institution industry has a primary role in protecting the nation’s financial services infrastructure. The security of the industry’s systems and information is essential to its safety and soundness and to the privacy of customer financial information. Individual financial institutions and their service providers must maintain effective security programs adequate for their operational complexity. (FFIEC IT Examination Handbook InfoBase)

Policy Letters

Information Security

FFIEC Information Technology Examination Handbook – Information Security Booklet

Off-site Review of Loan Files

FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors

End of Microsoft Support for Windows XP Operating System

Interagency Examination Procedures for the Identity Theft Red Flags and Other Regulations under the Fair Credit Reporting Act

Revised Policy Governing Access to Confidential Supervisory Information

Questions and Answers Related to Interagency Guidance on Authentication in an Internet Banking Environment

Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice

Interagency Guidance on Authentication in an Internet Banking Environment

FFIEC Guidance on the use of Free and Open Source Software

Standards for Safeguarding Customer Information

Additional Resources

Manual References

Last Update: April 21, 2017