Information Systems Security Policy
This Information Systems Security Policy addresses general guidelines for maintaining an information systems policy and an information technology (IT) computing environment within a bank, credit union, fintech company, or other type of financial institution that is controlled, consistent, secure, and in compliance with the guidelines set forth in the Joint Agency Policy Statement on User Computing Risks, the joint guidelines for information security and safeguarding confidential customer information implemented under section 501(b) of the Gramm-Leach-Bliley Act (GLBA), and the FFIEC Information Technology Examination Handbook.
Table of Contents
- Purpose and Contents – Topic 1
- Policy Statement – Topic 2
- Definitions – Topic 3
- Organization, Responsibilities and Administration – Topic 4
- Risk Management Program Overview – Topic 5
- Information Security Program Risk Assessment – Topic 6
- Information Security Strategic Plan – Topic 7
- Information Security Program Overview – Topic 8
- Data Governance and Management Standards – Topic 9
- IT Asset Management Standards – Topic 10
- IT and Business Environment Representation Standards – Topic 11
- Architecture Standards – Topic 12
- Infrastructure Standards – Topic 13
- Operations Standards – Topic 14
- Change Management Standards – Topic 15
- User Security Control Standards – Topic 16
- Network Control Standards – Topic 17
- Malware, Spyware, and Virus Control Standards – Topic 18
- Logical Security Standards – Topic 19
- Remote Access Standards – Topic 20
- Application Security Standards – Topic 21
- Encryption Standards – Topic 22
- Oversight of Third-Party Providers – Topic 23
- Resilience Standards – Topic 24
- File Exchange Standards – Topic 25
- Zero Trust Architecture Standards – Topic 26
- Microservices Standards – Topic 27
- Internet of Things Standards – Topic 28
- Security Operations Standards – Topic 29
- Assurance and Testing Standards – Topic 30
- Acceptable Use Policy – Topic 31
- Cybersecurity Policy – Topic 32
- Incident Response and Preparedness Policy – Topic 33
- Cloud Computing Policy – Topic 34
- Mobile Device Program Policy – Topic 35
- Document Imaging Policy – Topic 36
- Artificial Intelligence Policy – Topic 37
- Password and Authentication Control – Topic 38
- Photocopier, Fax Machine and Printer Procedures – Topic 39
- Instant Messaging Procedures – Topic 40
- Voice Over Internet Protocol Procedures – Topic 41
- Service Requests and Problem Reporting Procedures – Topic 42
- Audit Policy – Topic 43
- Staff Training – Topic 44
- Retention of Documentation – Topic 45
Includes the following form templates:
- Information Systems Contractor Protection Acceptance (1 page)
- Information Systems Employee Protection Acceptance (1 page)
- Information Systems Exception to Standards (1 page)
- Information Systems Facilities Access Request (1 page)
- Information Systems Incident Response Procedures Checklist (9 pages)
- Information Systems Patch Management Control Form (1 page)
- Information Systems Problem Worksheet (1 page)
Recent updates to this product:
10/01/24 Update
FFIEC Statement – CAT Sunset Statement
FFIEC Press Release – Revised and Renamed Development, Acquisition, and Maintenance (DA&M) Booklet
11/15/23 Update
Client Requests to Create a New Policy for Artificial Intelligence
06/15/23 Update
NIST SP 800-124 – Guidelines for Managing the Security of Mobile Devices in the Enterprise
This Information Systems Security Policy (approximately 384 pages) is available to purchase from BankPolicies.com in Microsoft® Word format.
Product Update Protection Plan
The Product Update Protection Plan is a great way to keep your bank policy up to date! Simply add it to your cart and purchase it for one year of free updates via email.