IT Examiner School, Providence, RI

Comment Support

Support your rationale by focusing on key areas such as:

• Risk assessment practices
• Operations security and risk management
• Audit program
• Disaster recovery and business continuity planning
• Vendor management and service provider oversight
• Compliance with GLBA/Part 364, Appendix B requirements
• Cybersecurity Assessment and Maturity

Comment Elements

• Overall condition statement (e.g., is the information security program adequate and in compliance with GLBA/Appendix B, Part 364?)
• Support for condition statement (e.g., weaknesses identified in the program)
• Examiner recommendations
• Management’s response
• If applicable, identify Matters Requiring Attention (MRAs) with management’s response/commitment and reporting requirements