IT Examiner School, Palm Springs, CA

Service Providers/Vendors

• Perform due diligence when selecting service providers;

• Require service providers to comply with the institution’s information security program at a minimum; and

• Monitor service providers.

Information Security Program Adjustment

• Technology

• Sensitivity of Customer Information

• Internal or External Threats

• Institution’s Changing Business Arrangements

• Information security program should reflect the current information technology environment and practices