IT Examiner School - Oct 2025

First page Table of contents Next page Last page
Agenda2
Introduction4
Regulations and Guidance10
IT Examination Work Programs19
Audit32
Cyber Maturity Assessment/FFIEC CAT Tool53
Support & Delivery56
Development & Acquisition92
Third-Party Risk Management100
Information Security Framework & Risk Assessment107
Business Continuity Planning/ Disaster Recovery126
Management136
Composite Rating150
Emerging Issues156
Appendix166
URSIT Ratings Handout166
FDIC Abbreviated Workprogram Procedures & CSBS Analysis172
RD Memo 2025-027-RMS172
Information Technology Profile (ITP)193
Information Technology Risk Examination Procedures245
2024 Changes to InTREx247
Sample Risk Assessment282 - 283
Data Center Walkthrough Checklist284
Depository vs. Non-Depository286 - 287
Associate Certified Information Security Examiner295
Learning Roadmaps296 - 297

Made with FlippingBook Learn more on our blog