IT Compliance

CBC IT Risk Assessment

Risk Assessment Requirements

Section 501(b) of the Gramm-Leach-Bliley Act of 1999 (GLBA) requires that banks have an Information Security Risk Management Program. One of the major components of the program is an ongoing risk assessment program. The FFIEC is fairly specific as to how this should be done. Admittedly, a proper risk assessment is a large, difficult undertaking that, according to the FFIEC guidelines, mandates objectivity and requires a multidisciplinary approach.

How does CBC conduct a Risk Assessment for a community bank?

Community Banc Consulting of Ohio, Inc. can conduct a compliant risk assessment for your bank that will help you learn about your IT infrastructure and satisfy the examiners. CBC uses a methodical process to evaluate the risks your bank faces and the controls that you have in place to mitigate those risks. We produce a concise report that you can discuss with your board of directors and examiners. We will also make suggestions as to what further controls you need to consider putting in place.

Once a risk assessment is completed, a bank can then develop policies that are supported by the assessment of its unique situation. These policies are generally referred to as the Information Security Policy.

If you are not a client of Community Banc Consulting of Ohio, Inc.'s IT Services, you will need an IT Audit in order to have an accurate IT Risk Assessment.

If you would like to learn more about our IT Risk Assessment, you can contact the following: 

Paul Elder 614-848-3189 ext 121 or email Paul
Larry Krietemeyer 614-848-3189 ext 143 or email Larry