
IT Charter Investigation

By Eva Peterson, 2014-11-13 14:37

    STATE BANK CHARTER

    INFORMATION TECHNOLOGY PLANS

    Instructions for completing this questionnaire

Provide both an electronic copy (CD) and paper copy of this completed questionnaire and the requested documents listed on the last page:

Attention:

    Phillip Hinkle IT Charter Investigation Material

    Texas Department of Banking

    1201 North Watson. Suite 210

    Arlington, Texas 76006

Please send an electronic mail message to phillip.hinkle@banking.state.tx.us to notify us when the above requested documents were sent.

Questions may be addressed to phillip.hinkle@banking.state.tx.us or by phone at (817) 640-4050.

Revised June 13, 2006 Page 1 of 5


MANAGEMENT

1. Provide the name, title, job description, and biography of the IT security officer and system administrator. If these duties will be outsourced, provide the name and address of the firm and a brief description of the services to be provided. Provide a copy of the contract.

2. Provide the name and biographies of the IT Committee members.

3. Describe the proposed insurance coverage for IT activities.

4. Provide the estimated start-up costs for information technology.

5. Outline the IT succession plan.

6. Describe the evaluation process for selecting the core banking application/service provider.

AUDIT/INDEPENDENT REVIEW PROGRAM

1. Outline the proposed internal and external IT audit program and audit scope.

2. Provide the name, title, job description, and biography of the IT auditor (internal and external). If these duties will be outsourced, provide the name and address of the firm and a brief description of the services to be provided. Provide a copy of the proposed engagement, if one has been proposed. If an auditor or firm has not yet been selected, provide a copy of your policy that describes the selection guidelines and criteria.

3. Identify the anticipated date and frequency that the IT audit/independent reviews will be performed.


OPERATIONS SECURITY AND RISK MANAGEMENT

1. Describe all critical IT platforms (core banking, network, and major applications).

2. Describe the planned antivirus program.

3. Indicate if remote access will be allowed. If so, describe the proposed controls.

4. Indicate if IDS/IPS will be used for monitoring host and/or network activity.

5. Describe plans for performing penetration tests and vulnerability assessments. Provide the name and address of the firm(s) that will be completing these services.

6. Outline the incident response plan for containing damage and minimizing risks to the institution.

7. Outline the physical and environmental controls to protect information assets.

8. Describe the vendor management program.

9. Describe any planned wireless activity, imaging systems, and wire transfer activities (e.g. ACH, ATM, POS, FedAdvantage).

10. Provide the bank’s website address and proposed electronic banking activities, including telephone and internet banking (transactional or information-only).


DISASTER RECOVERY AND BUSINESS CONTINUITY

1. Provide the name, title, job description, and biography of the business continuity planning coordinator.

2. Describe the planned backup procedures for all critical systems.

3. Identify the location of the off-site processing site and off-site storage location.

4. Describe plans for testing the disaster recovery/business continuity plans.

Gramm-Leach-Bliley Act/FDIC Rules and Regulations Part 364 Appendix B

1. Provide a copy of the written information security program.

2. Provide the names and titles and/or committee members responsible for overseeing and implementing the information security program.

3. Outline the independent testing requirements to test the controls of the information security program.

4. Outline the reporting process to the Board of Directors for communicating compliance with the information security program.

5. Provide copies of all IT-related Policies.


Please provide the following documents:

- IT-related Policies

- Network Topology

- IT Strategic Plan

- IT Audit Policy

- Information Security Program

- IT Risk Assessment Methodology

- Business Continuity Plan

- Disaster Recovery Plan

- Contracts for: Hardware and Software, Internet banking, Telephone banking, Debit/credit cards, Penetration tests, Vulnerability assessments, Disaster recovery services, Bill pay, Merchant processing arrangements, and IT audits.
