The purpose of this letter is to inform you of revised technology-related guidance provided to examiners and the credit union industry. Earlier this year, the Federal Financial Institutions Examination Council (FFIEC1) released the Information Security Booklet – a first in a series of booklets to revise the existing 1996 FFIEC Information Systems Examination Handbook. The revised Information Technology (IT) Examination Handbook will be composed of several booklets to address significant changes in technology since 1996 and incorporates a risk-based examination approach to each booklet.
The FFIEC agencies plan to issue additional booklets covering such topics as business continuity planning, technology service providers, electronic banking, audit, payment systems, outsourcing, management, computer operations, and systems development and acquisition.
NCUA has made these booklets available electronically to credit unions via the Internet through the FFIEC’s InfoBase application; printed copies of the booklets will not be distributed by NCUA. The InfoBase will include each booklet in Adobe Acrobat PDF file format, as well as on online version with links to various resource materials and an orientation of the handbook update process.
To access an electronic version of the IT Security Booklet, please visit the Examination Resources section of NCUA’s IS&T webpage at www.ncua.gov/Resources/CUs/IST/Pages/ExaminationResources.aspx. or the FFIEC’s website at http://ithandbook.ffiec.gov (opens new window). Releases of subsequent booklets will be accompanied by an FFIEC press release.
If you have any questions, please contact your NCUA Regional Office or State Supervisory Authority
1The FFIEC is composed of the five federal financial regulators: Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.