Additional References

  • 12 CFR 364, Appendix B, "Interagency Guidelines Establishing Standards for Safeguarding Customer Information"
  • 12 CFR 304.3(d), "FDIC Rules and Regulations: Notification of Performance of Bank Services" (also see FDIC FIL-49-1999)
  • 12 CFR 208, Appendix D-2, "Interagency Guidelines Establishing Standards for Safeguarding Customer Information"
  • 12 CFR 30, Appendix B, "Interagency Guidelines Establishing Standards for Safeguarding Customer Information"
  • FFIEC IT Examination Handbook, "Outsourcing Technology Services Booklet"
  • FFIEC IT Examination Handbook, "Information Security Booklet"
  • FDIC RD Memorandum 2008-020, "Guidance for Managing Third-Party Risk"
  • FDIC FIL-81-2000, "Risk Management of Technology Outsourcing"
  • FDIC FIL-50-2001, "Bank Technology Bulletin on Outsourcing"
  • FDIC FIL-27-2005, "Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice"
  • FDIC FIL-44-2008, "Third-Party Risk: Guidance for Managing Third-Party Risk"
  • FRB SR Letter 03-09, "Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System"
  • FRB SR Letter 12-14, "Revised Guidance on Supervision of Technology Service Providers"
  • FRB SR Letter 13-19 / CA Letter 13-21, "Guidance on Managing Outsourcing Risk"
  • OCC Bulletin 2002-16, "Bank Use of Foreign-Based Third-Party Service Providers"
  • OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance"
  • NCUA LCU: 07-CU-13, "Evaluating Third-Party Relationships"
  • NCUA Supervisory Letter No.: 07-01, "Evaluating Third-Party Relationships"
  • NCUA LCU: 01-CU-20, "Due Diligence Over Third-Party Service Providers"
  • NIST SP 800-35, "Guide to Information Technology Security Services"
  • BITS Framework for Managing Technology Risk for Service Provider Relationships, revised May 2008, Financial Services Roundtable: BITS

 
