Cyber & IT Supervisory Forum - November 2023
Internal Use Only
R ‐ SAT v. 2.0: Question 4
NEW: Added phrase “Check all that apply” based on feedback that some institutions were not clearly identifying services that were processed or managed both internally and through outsourcing. Added “Cloud ‐ Based” column to identify which of the listed services are cloud ‐ based. Provided simple examples of “Other Critical Services” for reference.
7
Internal Use Only
R ‐ SAT v. 2.0: Questions 5 & 6
NEW: New question. Intended to identify and raise awareness of potential privacy regulations for any services based in foreign jurisdictions.
NEW: Added narrative to request documentation of any vendors not having ransomware ‐ specific preventative controls in place. Added “at least annually” language to question addressing frequency of independent third ‐ party vendor control audits.
8
Made with FlippingBook - Online catalogs