On July 10, 2012, the Federal Financial Institutions Examination Council (FFIEC) issued a statement (the "FFIEC Statement") cautioning financial institutions to undertake thorough due diligence and risk assessment for outsourced cloud computing arrangements. While affirming that "the fundamentals of risk and risk management" for other forms of outsourcing (as described in the FFIEC Information Technology Examination Handbook) apply to cloud computing, the FFIEC Statement concludes that "[c]loud computing may require more robust controls due to the nature of the service."
The FFIEC Statement highlights six key elements of outsourced cloud computing implementation and risk management: (i) due diligence; (ii) vendor management; (iii) auditing; (iv) information security; (v) legal, regulatory and reputational considerations and (vi) business continuity planning. In general, the FFIEC Statement reiterates the importance of these functions, while identifying particular areas of concern for each with respect to outsourced cloud computing, including data handling and storage. The FFIEC Statement identifies data classification, data segregation and recoverability as potential issues in outsourced cloud computing arrangements.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.