Regulatory Compliance Services


IT Audits

IT Audits from CSI provide a comprehensive review and analysis of all the major information technology areas recommended by the Federal Financial Institutions Examination Council (FFIEC). Our IT security audit services identify and provide recommendations for mitigating the current and foreseeable risks threatening your systems and the consumer data housed on them.

To protect your customers’ nonpublic personal information and ensure cybersecurity preparedness, you’re required to meet Gramm-Leach-Bliley Act (GLBA) requirements. Part of meeting those requirements is maintaining a thorough understanding of your IT systems.

How to Stay Compliant Using an IT Security Audit

To meet GLBA compliance requirements and FFIEC guidelines, your financial institution must:

  • Understand how consumer data is stored, accessed and maintained on your IT systems
  • Identify and assess all current and foreseeable risks to your IT systems and the data stored on them
  • Design and implement a risk management plan to mitigate those risks
  • Test the components of the plan and adjust as needed

Performing a bank IT audit helps your institution implement these best practices by researching your specific regulatory compliance needs, performing an on-site information security review and providing you with an audit report you can use to improve your IT security program.

3-Stage IT Audit for FFIEC IT Examination Handbook Rules

Guided by the FFIEC’s IT Examination Handbook, CSI's consultants execute three key audit stages:

  • Research
    Preliminary research to build trust with key personnel and gain a sound understanding of your IT systems.
  • On-Site Analysis
    An on-site analysis of your information system controls and procedures, including hardware and software inventory, computer-usage testing, password protocols, electronic banking controls, funds transfer process, personnel practices, management IT oversight, operational controls, vendor management, system vulnerability and after-hours security. 
  • Audit Report
    A three-tiered audit report to put your institution on the right path for GLBA compliance, including a summary of priority issues with recommendations for senior management and your board, a detailed list of implementation items for IT and a current snapshot of systems network and connectivity.

With IT audits, you get access to our expert consultants, as well as the sophisticated technology they use to assess your information technology systems. Contact CSI today to find out how you can strengthen your GLBA compliance with an IT security review.