U.S. Federal Financial Institutions Examination Council issues resource document on cloud-based services. Document addresses due diligence, vendor management, information security, audits, legal and regulatory compliance, and business continuity planning. Regulators warn that even when services are outsourced to third parties, financial institutions still bear responsibility for ensuring the security and compliance of those parties and their services. Financial institutions should follow the same fundamental guidelines and risk strategies outlined in the FFIEC Information Technology Examination Handbook, especially the Outsourcing Technology Services Booklet.”]
Source: https://www.cuinfosecurity.com/ffiec-addresses-cloud-risks-a-4940