In light of a number of highly publicized security breaches involving service providers, on April 18, 2011, the Office of the Comptroller of the Currency (OCC) issued an alert highlighting the need for national banks and their technology service providers (TSPs) to take steps to ensure that their enterprise risk management is sufficiently robust to protect and secure bank and customer information. The alert highlights that national banks and their TSPs should perform periodic risk assessments of their information security programs with respect to the prevention and detection of security incidents. Moreover, the OCC indicated that it expects national banks and their TSPs to review specific advisories issued following a recent security incident to ensure that their information security programs appropriately address recommendations made in those advisories, based on their environment and risk profiles.