IT Disaster/Recovery, Monitoring, Security and Confidentiality Compliance mandated by the FDIC
(Gramm-Leach-Bliley Act of 1999 and the Sarbanes-Oxley Act of 2002) and how OlySoft can help.

Today’s globalization and electronic delivery of financial services directly affect the stringent confidentiality and security needs of the banking and financial services industries. OlySoft ™ can help. As you increase convenience, efficiency and reach, your customers’ valued privacy becomes more vulnerable to exposure or attacks. In addition, a Business Disaster Recovery plan becomes even more critical than before, to assure your customers that they can always safely access their assets, electronically or through an alternate site. To provide a private and secure environment, financial institutions are required by the legislation enacted since 1996, including the Gramm-Leach-Bliley Act of 1999 and the Sarbanes-Oxley Act of 2002, to create a safe and secure banking environment, including, but not limited to, IT processing, e-banking, outsourcing of the core processing, funds transfer, etc.

OlySoft ™ can help. We will assist you with those tasks or we will perform them on your behalf.

·         Periodically assess current risk

Identify and assess IT’s potential risks and vulnerabilities. Evaluate your external and internal security measures. Assess risks to information security or integrity, or unauthorized use or disclosure.

·         Document IT

Document formal practices and processes for the execution of named controls and measures.

·         Architect IT

Design an integrated solution to assure recovery, security and monitoring of the effective controls to mitigate assessed risk.

·         Implement IT

Implement formal procedures and controls to mitigate assessed risk.

·         Monitor IT

Effectively monitor implemented controls for failures, unauthorized access or penetration and evaluate their effectiveness.

·         Update IT

Have a configuration and patch management system in place to assure that the latest control files are in place and that all critical technology security updates are implemented as needed.

·         Test IT  

Implement and test IT recovery, security and perimeter penetration plans. Keep security measures high and audit them frequently.

·         Pass IT  

 

OlySoft ™ will help you prepare for the FDIC/State regulatory audit. As your IT Manager, we will assist you before, during and after the audit. We will help you prepare for and answer questions pertinent to IT.

For example, are you ready to answer the following questions? (These are real questions from the FDIC audit questionnaire.)

 

7. Has the Board or its designated committee approved a written Information Security Program?

Do the policies addressing the Information Security Program cover the following:

  • Roles and responsibilities (central security coordination, segregation of duties, incident response, skill continuity)?
  • Personnel security (background checks, acceptable use training email/Internet)?
  • Audit (scope, internal/external auditor qualifications, system log reviews, audit trails)?
  • Vendor management?
  • Access controls (mainframe/network logical controls, password parameters, authentication, etc.)?
  • Configuration management (security patches, software upgrades, parameter changes)?
  • Contingency planning (business continuity, backups, disaster recovery)?
  • Virus protection?
  • Telecommunications (firewalls, modems, intrusion detection, encryption)?
  • Restricted access (terminal/data center access)?
  • Safety (fire prevention/detection, housekeeping)?
  • Inventory management (theft detection, media disposal, hardware, software, source documents, output)?

Who is responsible for maintaining the Information Security Program?

11. Describe the bank’s disaster recovery testing process. Include the scope, results, and date of the bank’s most recent disaster recovery test.

How OlySoft ™ can help make and keep you compliant:

OlySoft ™ brings you security compliance, monitoring and management technologies developed for the Olympic Games, as well as a partnership with IS management specialists with extensive experience in regulatory compliance and audits. Our innovative approach has already been successfully tested in an FDIC-regulated institution as well as in an SEC-regulated brokerage house.

Your OlySoft ™ team acts as your IT Manager:

·         Architects IT solution

·         Creates “System and Network Policy” book

·         Builds operational procedures based on the current policies

·         Builds IT growth plan

·         Assesses your existing vulnerabilities

·         Develops and implements a virtually secure perimeter around your IT

·         Monitors for unauthorized access or perimeter break-ins and evaluates the effectiveness of the implemented solution

·         Monitors for critical failures and problems and evaluates your environment

·         Monitors/audits implemented controls for their effectiveness

·         Provides automated, online, properly filtered reports for your review

·         Provides online, real time controls to safeguard against inappropriate usage of the internet 

FDIC requirements and what OlySoft ™ will do

FDIC requirement:

FFIEC provides guidance on risk and risk-management practices applicable to a financial institution’s technology, including e-banking activities.

What OlySoft ™ will do:

OlySoft ™ will help design an IT solution in compliance with the FFIEC recommendations.

FDIC requirement: Perform a Risk Assessment

Identify reasonably foreseeable internal and external threats, assess the likelihood and potential damage of these threats, and assess the sufficiency of policies, procedures, customer information systems and other arrangements in place to control risk.

What OlySoft ™ will do:

OlySoft ™ will assess your current systems and identify all vulnerability points.

FDIC requirement: Design and Implement

Put in place effective IT Policies and Procedures to govern the Bank’s technology.

Develop an information security program that includes administrative, technical and physical safeguards.

Develop a Disaster/Recovery plan that includes a Business Recovery Plan.

Develop an effective monitoring/audit program to assess operations risk.

What OlySoft ™ will do:

OlySoft ™ will create “Network and Systems Policies and Procedures” or will help evaluate existing ones.

OlySoft ™ will help you create a virtual shield around your valued information. Once we have identified the weaknesses in your current system, we will design and implement a wall against malicious attacks or inappropriate use of information.

OlySoft ™ will help you create a Disaster/Recovery plan. Once we have reviewed your Business DR Plan, we will evaluate the weaknesses in your current system and design and implement DR procedures for you and your technology vendors. We will also work with you on testing requirements, schedules and scenarios.

OlySoft ™ will create an integrated monitoring solution to safeguard your valued information. We will design and implement a monitoring solution against malicious attacks, failures or inappropriate usage of the internet.

FDIC requirement: Manage and Control Risk

Having identified the mission-critical processes and functions, it is important to determine what the impact would be upon the institution’s goals if these were disrupted or lost. Once those critical processes and functions have been identified, a risk assessment must be conducted to identify the many threats to these processes.

A financial institution should have an effective patch management system to minimize the risk of unauthorized changes and updates, as stated in the FDIC circular dated.

Design an information security program to control risks identified in the assessment.

Manage and control technology vendors contracted by the financial institutions.

What OlySoft ™ will do:

OlySoft ™ will help you develop, document and enforce security policies, standards and procedures.

OlySoft ™ will help you manage technology vendors and control their compliance with the FDIC rules and regulations.

OlySoft ™ will create an effective problem and change control process, including a configuration and patch management system as mandated by the FDIC rules and regulations.

FDIC requirement: Test and Adjust the Program

The institution must monitor, evaluate and adjust the information security program. Security professionals must keep current with new security technologies, any changes in the sensitivity of its customer information, and internal or external threats to their information security.

The institution must monitor, evaluate and adjust the Disaster/Recovery program. Institution Management must keep current with D/R procedures and policies, recovery technologies and any changes to the existing plans and staffing.

What OlySoft ™ will do:

OlySoft ™ services include frequent review and adjustment of the Disaster Recovery plan and of the System Management and Security plan for maximum effectiveness. This includes internal or external audit, testing of the controls in place and adjustment of the implemented procedures as required by technology changes.

FDIC requirement:

Gramm-Leach-Bliley Act enacted in 1999 and Sarbanes-Oxley Act enacted in 2002

What OlySoft ™ will do:

OlySoft ™ will help you meet compliance regulations as soon as possible.

FDIC requirement:

New FDIC IT examination procedures as of September 2002 (see Appendix B below)

What OlySoft ™ will do:

OlySoft ™ will prepare your IT to meet FDIC audit requirements as soon as possible.

  © copyright 1992 - 2008 OlySoft, all rights reserved. Send mail to webmaster@olysoft.info with questions or comments regarding this web site.