Welcome » What's New
This section is where all changes made to the InfoBase are listed. Each change entry includes the effective date and a brief description.
Below are the most recent updates to the InfoBase. For a complete listing of all changes, click here: Change History Log
-----------------------------------------------------------------------------------------
10/31/12
Supervision of Technology Service Providers (TSP) booklet
The booklet replaces the March 2003 version and includes the following revisions:
-------------------------------------------------------------------------------------------
Reference Materials - Federal Regulatory Agencies' Administrative Guidelines: Implementation of Interagency Programs for the Supervision of Technology Service Providers
The Guidelines describe the process the FRS, FDIC, and OCC (agencies) follow to implement the interagency supervisory programs and include the reporting templates examiners use throughout the supervisory cycle. The primary audience is the agencies' management and field examiners.
----------------------------------------------------------------------------------------
07/10/12
Reference Materials
Added the FFIEC Public Cloud Computing Statement. The statement maps cloud computing risks to the various FFIEC IT Handbook booklets.
05/07/12
Audit, BCP, E-Banking, Information Security, Operations, Outsourcing, and Retail Payments booklets.
Revised multiple booklets to address the transition from SAS-70 to the SSAE-16 attestation review process and other third-party review processes.
04/27/12
Information Security booklet
Added the FFIEC Supplement to the Authentication in an Internet Banking Environment guidance for all agencies in the Resource section, Appendix C.
------------------------------------------------------------------------------------------
04/09/12
Outsourcing booklet
Added Appendix D, Managed Security Service Providers (MSSP). This appendix, including examination procedures to addresses the unique risks associated with outsourcing IT security functions.
04/02/12
Added examination procedures to address the risks associated with cloud computing.