This section is where all changes made to the InfoBase are listed.  Each  change entry includes the effective date and a brief description.

Below are the most recent updates to the InfoBase.  For a complete listing of all changes, click here:  Change History Log 

Mar 22, 2013

Information Technology Examination Handbook InfoBase Enhancements

The Federal Financial Institutions Examination Council (FFIEC) member agencies today announced the addition of a new feature to the Information Technology Examination Handbook InfoBase. This feature provides bankers, agency personnel, and other interested parties with the ability to register and receive notifications of additions, changes, and deletions to the InfoBase. Users may elect to receive messages by either email notification or a Real Simple Syndication (RSS) feed through links on the Welcome page of the online InfoBase at: ithandbook.ffiec.gov

The press release is at:  http://www.ffiec.gov/press/pr032213.htm

Oct 31, 2012

Supervision of Technology Service Providers (TSP) booklet

The booklet replaces the March 2003 version and includes the following revisions:

• Rescinds Supervisory Policy 1, "Interagency EDP Examination, Scheduling, and Distribution Policy", September 1991,  and Supervisory Policy 11, "Enhanced Supervision Program for Multidistrict Data Processing Services (MDPS), January 1995.
• Outlines the agencies' risk-based supervisory program
• Sets forth the agencies' expectation that financial institutions have in place a comprehensive, enterprise-wide risk management process that addresses vendor management for relationships with TSPs.

Oct 31, 2012

Reference Materials - Federal Regulatory Agencies' Administrative Guidelines: Implementation of Interagency Programs for the Supervision of Technology Service Providers

The Guidelines describe the process the FRS, FDIC, and OCC (agencies) follow to implement the interagency supervisory programs and include the reporting templates examiners use throughout the supervisory cycle.  The primary audience is the agencies' management and field examiners.

Jul 10, 2012

Reference Materials

Added the FFIEC Public Cloud Computing Statement.  The statement maps cloud computing risks to the various FFIEC IT Handbook booklets.

May 7, 2012

Audit, BCP, E-Banking, Information Security, Operations, Outsourcing, and Retail Payments booklets.

Revised multiple booklets to address the transition from SAS-70 to the SSAE-16 attestation review process and other third-party review processes.

Apr 27, 2012

Information Security booklet

Added the FFIEC Supplement to the Authentication in an Internet Banking Environment guidance for all agencies in the Resource section, Appendix C.

Apr 9, 2012

Outsourcing booklet

Added Appendix D, Managed Security Service Providers (MSSP). This appendix, including examination procedures, addresses the unique risks associated with outsourcing IT security functions.

Apr 2, 2012

Outsourcing booklet

Added examination procedures to address the risks associated with cloud computing.