Financial Institution Letters
February 23, 2015
Business Continuity Planning Booklet Appendix J Update to FFIEC IT Examination Handbook Series
The Federal Financial Institutions Examination Council (FFIEC) has issued an appendix to the Business Continuity Planning (BCP) booklet of the FFIEC Information Technology Examination Handbook entitled "Strengthening the Resilience of Outsourced Technology Services." The booklet is part of the IT Examination Handbook series and provides guidance to assist examiners in evaluating the risk management processes of financial institutions and service providers to ensure the availability of critical financial services.
Statement of Applicability to Institutions With Total Assets Under $1 Billion: This Financial Institution Letter applies to all FDIC-supervised financial institutions.
- Appendix J of the BCP Booklet discusses the following four key elements of BCP that a financial institution should address to ensure that their technology service providers (TSPs) are providing resilient technology services:
- Third-Party Management.
- Third-Party Capacity.
- Testing with Third-Party TSPs.
- Cyber Resilience.
- An electronic version of the booklet, as well as an FFIEC press release announcing the booklet, is available at http://www.ffiec.gov/press.htm.
- FDIC-Supervised Banks (Commercial and Savings)
- Chief Executive Officer
- Chief Information Officer
- Chief Information Security Officer
- FFIEC IT Examination Handbook
- Jeff Kopchik, Senior Policy Analyst, at firstname.lastname@example.org or 703-254-0459
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at https://www.fdic.gov/news/news/financial/2015/.
To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/index.html.
Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).