Regulatory Reality:

bcp


October 26, 2011  8:36 PM

Who examines the examiners?



Posted by: David Schneier
assessment, bcp, business continuity plan, GLBA, NCUA, NCUA Part 748, regulations audit, regulatory, Regulatory Compliance, risk, risk assessment, Vendor Management

I remember conducting a risk assessment a few years back for a credit union in which they were missing just about every artifact necessary to prove compliance with NCUA Part 748 (if you're not already aware, that's GLBA for credit unions).  It was, for lack of a better term, a...

October 3, 2011  10:39 PM

Dodd-Frank Section 165(d) : Is this really what was needed?



Posted by: David Schneier
bcp, business continuity, business continuity plan, compliance, Dodd-Frank, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, too big to fail

Ever since Dodd-Frank legislation first started rolling down the turnpike towards the banking industry I've been reading and listening to all manner of rhetoric about how none of it's going to solve any problems, that it's going to impede the business of banking and force money to be deposited and...


September 14, 2011  6:27 AM

A new twist on regulatory guidance.



Posted by: David Schneier
assessment, Audit, bcp, business, business continuity, business continuity planning, compliance, disaster recovery, DR, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management

One of the oddities of my career is how some issues present themselves in a wide range of my clients despite the fact that there's often no meaningful way to compare them in size.  Some have a single compliance person who is part Compliance Officer and part Information Security Officer and some...


August 28, 2011  3:17 PM

Will Hurricane Irene reveal your BCP’s strengths or weaknesses?



Posted by: David Schneier
Audit, auditor, bcp, business continuity, business continuity plan, compliance, disaster, disaster recovery, DR, exam, examiner, GLBA, NCUA, regulations, regulatory, Regulatory Compliance

I'm violating my own standards by using such an easy topic to blog about but it's too big to ignore.  With the increasing insanity being inspired by 2011's first true hurricane I'd be remiss if I didn't at least explore the impact this is going to have on the business community. I just heard...


January 29, 2011  1:34 AM

Regulatory compliance is not easy



Posted by: David Schneier
assessment, Audit, bcp, business continuity plan, disaster recovery, DR, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance

Something happened within our practice this past week that made me recall a story from the very beginning of my audit and compliance career. Way back in 1998 when I was first transitioning from being an application developer/manager to a compliance/audit professional, my first long term engagement...


January 8, 2011  5:41 PM

New year advice on developing a business continuity plan



Posted by: David Schneier
Audit, bcp, BIA, business continuity plan, business impact analysis, exam, examiners, FFIEC, GLBA, regulatory, Regulatory Compliance, risk, risk assessment

One of the first things I had to work on this week (and thus one of the first things to work on in the new year) was finalizing a report from last year. The report covered the results of a Business Continuity Plan desktop test and the client needed some clarifications around the results. I've...


November 16, 2010  6:07 PM

What is the practical value of compliance policies?



Posted by: David Schneier
Audit, bcp, compliance, general controls, GLBA, NCUA, regulatory, Regulatory Compliance, risk, risk assessment, Security

My practice recently wrapped up an engagement in which we conducted a tabletop test of a client's business continuity plan.  As always with such exercises, it's interesting to find out how much distance exists between what's documented in an institution's policy/program and how business is...


August 2, 2010  9:29 PM

Where’s the information security oversight?



Posted by: David Schneier
Audit, bank, banking, bcp, CISO, compliance, compliance officer, FDIC, FIL, GLBA, information security, regulatory, Regulatory Compliance, Security, vulnerability test

We were watching a baseball game the other night when one of Microsoft's recent IE8 security commercials aired.  It's the one where a fictitious bank is set up and people off the street, deceived by its appearance, wind up turning over boatloads of personally identifiable information (PII)...


June 1, 2010  7:32 PM

Flu pandemic plan: No need to go overboard



Posted by: David Schneier
Audit, bcp, business continuity planning, findings, observations, pandemic, Pandemic Planning, regulatory, Regulatory Compliance, testing

I'm returning to the office after having given in to the siren song of Memorial Day weekend.  Despite enjoying the long break and all its trappings (way too much I might add), something that hit my radar last week remained on my mind. Earlier in the week, I came across a comment in an IT audit...


April 23, 2010  10:14 PM

Compliance professionals need thick skins



Posted by: David Schneier
assessment, assessments, Audit, bcp, business continuity planning, controls, framework, general controls, GLBA, IT General Controls, NCUA, Regulatory Compliance, Security, security awareness, Vendor Management

I've often surprised people when it comes to conducting audit/assessment work or developing compliance programs.  Generally speaking I'm a reasonable person who typically exhibits an abundance of flexibility in my day-to-day life.  However when it comes to my career, I tend to be much more of a...

