In November 2019, the Federal Financial Institutions Examination Council (FFIEC) released an update to the Information Technology Examination Handbook (IT Handbook). This handbook is a guide for examiners at its member agencies, which include the FRB, FDIC, NCUA, OCC, and CFPB.
In today’s interconnected world, supply chains are growing exponentially. As a result, third-party risk has become a big focus for senior management. But what about the vendors that your suppliers rely on and the threat of fourth-party risk?
The importance of monitoring third-party vendors has increased in recent years with the numerous data breaches originating in vendor systems. As news coverage of major breaches has made clear, organizations today are so interconnected that it’s critical to make sure your vendors aren’t leaving your data exposed.
Organizations have come to depend on cloud service providers for key services, from email and domain registrars to payment processors and certificate authorities. According to the 2015 Cloud Computing Survey by IDG, 72% of organizations had at least one application in the cloud or a portion of their computing infrastructure in the cloud. As companies move key business processes to a SaaS environment, it is becoming increasingly difficult to monitor and protect sensitive data. Your organization may have excellent data security programs in place, but are your vendors (and their own vendors) following similar standards? Do you know exactly where your data lives, and can you measure how effectively your information is being protected? Furthermore, what impact does a cloud service disruption have on your business operations?