IT Examiner School eBook
Internal Use Only
Computer Security Incident Notification Rule
The FDIC, FRB, OCC issued a joint final rule in 2021 to establish computer-security incident notification requirements for banking organizations (BO) and bank service providers Required notification to regulators as soon as possible and no later than 36 hours after the BO determines that a computer-security incident that rises to the level of a notification incident has occurred
Compliance with the final rule was required by May 1, 2022
The FTC Amended its Safe Guards Rules in October 2023 to require notification to FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers.
Sources: www.fdic.gov/news/financial-institution-letters/2021/fil21074.html www.ftc.gov/news-events/news/press-releases/2023/10/ftc-amends-safeguards-rule-require-non-banking-financial-institutions-report-data-security-breaches
Internal Use Only
Zoom Annotation Tool
Click View Options at the top then click Annotate
Click the Draw Tool then the double arrow
Made with FlippingBook - Online magazine maker