FFIEC Issues Statement on Cloud Computing Vendors

more+
less-
more+
less-

On July 10, the federal banking regulators, through the Federal Financial Institutions Examination Council (FFIEC), published a statement on outsourcing of cloud computing services by financial institutions. The statement explains that the regulators consider cloud computing to be another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing. The statement goes on to outline the key risks of outsourced cloud computing, focusing on due diligence, vendor management, information security, audits, legal and regulatory compliance, and business continuity planning. The statement concludes that “[c]loud computing may require more robust controls due to the nature of the service. When evaluating the feasibility of outsourcing to a cloud-computing service provider, it is important to look beyond potential benefits and to perform a thorough due diligence and risk assessment of elements specific to that service.”

 

Topics:  Cloud Computing, FFIEC, Outsourcing

Published In: Administrative Agency Updates, Finance & Banking Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BuckleySandler LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »