On Tuesday, April 2, the FDIC issued an advisory letter to banks on Technology Service Provider Contracts. The letter speaks to gaps that examiners are seeing in contracts between banks and their technology service providers.
We, at Systems Engineering, are happy to see this level of vendor management being promoted by the FDIC. Over the many years we have been servicing our banking and other financial services clients, we have developed a keen understanding of the obligations we have to these institutions and they, in turn, have to their clients and consumers. To that end, we are always working to set a higher standard for ourselves and to clearly differentiate ourselves when organizations are looking to outsource IT services.
Systems Engineering already covers the gaps, and more, identified in the FDIC advisory, with the following:
- Contracts covering Systems Engineering's responsibility in the handling of customer information; this defines the service(s) to be delivered along with the customer's and our own responsibilities.
- A Disaster Recovery Plan
- An Incident Response Policy
- Information Security and Acceptable Use policies
- Annual security awareness training for all employees
- Annual SOC 2 Type 2 audit to attest to our compliance with our policies
- A significant Cyber Liability insurance coverage
At Systems Engineering, we have always known the importance of being able to supply our clients and prospective clients with a solid vendor management package. To read more about this effort in a recent blog article, click here.