Banking and Credit Union IT Audit Services

Security Management Partners’ IT audit and assessment services are important building blocks in the creation and maintenance of a comprehensive information security program. With SMP’s help, organizations can be confident that they have taken reasonable measures to protect confidential information and have reduced potential liabilities.

Strong security is good business. SMP is expert in helping financial institutions implement compliant programs. Each offering is customized to best fit the needs of each organization.

The Security Challenge

Gramm-Leach-Bliley (GLBA), Red Flag, MA 201 CMR 17 and FFIEC guidelines require that financial institutions establish an effective information security program to protect the confidentiality and security of nonpublic personal customer information or be subject to substantial monetary and legal penalties.

Regulations require financial institutions to assess their own security needs and risks and then devise, implement, and maintain appropriate measures as business decisions. Each entity must balance its resources and business requirements against the risks to protected information. SMP is familiar with all of the regulatory agencies that oversee financial institutions: the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS).

The SMP Solution & Methodology

SMP assessments address the requirements of the FFIEC and determine if the existing information security program is adequate and complies with the FDIC/NCUA/FRB/OTS/OCC Guidelines Establishing Standards for Safeguarding Customer Information. Without a detailed understanding of what vulnerabilities exist in your particular environment, it is difficult to understand the risks facing your organization. SMP recommends the following methodology...

Our final report establishes a baseline against which progress towards regulatory compliance can be measured. It assists in prioritizing and setting realistic targets, and it recommends steps to reduce each risk. It can be presented to senior management, board members, and regulatory examiners to demonstrate that a comprehensive risk assessment has been performed, gaps identified, and solutions provided to resolve them.

Recurrent Validations

Once the initial program is in place, it is necessary to perform repeat assessments on a regularly scheduled basis. With the constantly changing nature of information security, including new threats and new defenses, follow-up tests or validations are a must for maintaining adequate protection. Client networks are always being updated, new technologies are constantly being offered, and knowledge of client staff must be continuously augmented in order to keep up with the latest trends. A client’s infrastructure will most likely grow with its network as time progresses and new complexities are added.

Banking IT Audit Services in Action

For nearly ten years, Security Management Partners has been Cambridge Trust Company’s IT security vendor of choice. In successful collaboration with Cambridge Trust Company’s internal staff, SMP has conducted dozens of engagements and provided unparalleled customer service. Read the Cambridge Trust Company case study.