Recorded: September 17, 2015
Length: 60 Minutes
The value that third party service providers (TSP) bring can quickly be eroded by the associated cyber risks, and the FFIEC expects that TSPs be subject to the same risk management, security, privacy, and other requirements - as if the financial institution were conducting the activities in-house. Regulatory expectations related to cyber resilience as well as the additional complexity inherent in using multiple TSPs require more diligence by financial institution management.
In this three-part series, you'll learn how to effectively manage TSPs, reduce cyber risk, and ensure compliance with a variety of regulations, including the new Appendix J of the BCP Service Booklet.
In Part Two, we'll take a closer look at vendor risks and requirements, selection, and monitoring. You'll learn how to design and implement a sound vendor management program in accordance with different FFIEC regulations including Appendix J with new requirements related to business continuity planning and cybersecurity.
Topics addressed:
- How to perform a risk assessment.
- What due diligence should be performed on TSPs prior to selection?
- How should new contract terms and conditions be addressed with respect to cyber security?
- What new elements of the relationship should be monitored?
- Why and how to expand my Incident Response Plan?
Speaker: Karen Livingstone, InfoSight, Inc.
Karen is a contemplative and passionate executive with 20+ years' experience in providing risk management, audit, and regulatory compliance services. Karen has helped numerous financial service organizations design and implement cost-effective risk management and compliance programs and solutions. She has extensive experience in the IT assurance profession and understands audit and examination requirements.
Karen's knowledge of financial regulations is comprehensive. She has practical experience in helping financial institutions comply with the various aspects of FFIEC, OCC, FDIC and NACHA regulations impacting controls and processes related to the integrity and security of IT systems, processes, and people. Karen also has expertise with other best practice guidelines and frameworks provided by NIST, ISO, COSO and COBIT.
Karen holds designations as a CPA, CISA, CIA, CRMA, and AMLCA, is an alumnus of Florida Atlantic University, and has presented various topics for organizations operating in diverse industries. She was a visiting professor for the University of South Florida and is an active volunteer in her community
1 CPE Credit
Program Level: Basic-Intermediate
Print Order Form