Risk Assessment Requirements
Section 501(b) of the Gramm-Leach-Bliley Act of 1999 (GLBA) requires that banks have an Information Security Risk Management Program. One of the major components of the program is an ongoing risk assessment program. The FFIEC is fairly specific as to how this should be done. Admittedly, according to the FFIEC guidelines, a proper risk assessment is a large, difficult undertaking that mandates objectivity and requires a multidisciplinary approach.
How does CBC conduct a Risk Assessment for a community bank?
Community Banc Consulting, Inc. can conduct a compliant risk assessment for your bank that will help you learn about your IT infrastructure and satisfy the examiners. CBC uses a methodical process to evaluate the risks your bank faces and the controls that you have in place to mitigate those risks. We produce a concise report that you can discuss with your board of directors and examiners. We will also make suggestions as to what further controls you need to consider putting in place.
Once a risk assessment is completed, a bank can then develop policies that are supported by the assessment of their unique situation. This policy is generally referred to as the Information Security Policy.
If you are not a client of Community Banc Consulting, Inc.'s IT Services, you will need an IT Audit in order to have an accurate IT Risk Assessment.
If you would like to learn more about our IT Risk Assessment, please contact us or call:
- Paul Elder at 614-848-3189 ext. 121
- Larry Krietemeyer at 614-848-3189 ext. 143
The expertise and learning that they bring to the organization are very helpful. Their professionalism, sharing of ideas, and willingness to sit and talk when we want them to are a big help.