Virtual Cyber & Technology Risk Management Forum

The Guidance

• FFIEC Guidance : o Outsourcing Technology Services booklet (2004) o Supervision of Technology Service Providers booklet (2012) o Outsourced Cloud Computing (2012) o BCP: Appendix J (2015) o Cybersecurity Assessment Tool (2015) – Domain 4 • FDIC Guidance : o FIL 44-2008: Guidance for Managing Third Party Risk o InTREx: https://www.fdic.gov/news/financial-institution- letters/2016/fil16043a.pdf • OCC Guidance : o OCC Bulletin 2013-29: Third-Party Relationships: Risk Management Guidance o OCC Bulletin 2017-7: Supplemental Exam procedures to 2013-29 • Federal Reserve Guidance : o SR 13-19 / CA 13-21: Guidance on Managing Outsourcing Risk

© 2020 SBS CyberSecurity, LLC www.sbscyber.com

4