Credit Union Alert: Understanding FFIEC’s Cloud Computing Guidance
Cloud computing services continue to proliferate in today’s ever-evolving technological landscape. Many financial institutions, including credit unions are beginning to move their data to the cloud. Doing so raises a number of questions and recently, the Federal Financial Institutions Examination Council (FFIEC) stepped in and issued guidance to help minimize the potential pitfalls. The guidance addresses privacy and security concerns that credit unions needs to be aware of to minimize data breeches and security threats.
The Knowledge Group has assembled a panel of key thought leaders to help credit unions and financial institutions understand the new guidance. The speakers will share their opinions in a two-hour LIVE Webcast and will also be available to answer your questions during the Q&A session.
Janet A. Stiven, Member,
- Overview of the Federal Financial Institutions Examination Council’s (“FFIEC”) July 10, 2012 Outsourced Cloud Computing Statement and its guidance to the financial industry concerning how to effectively evaluate and deploy a cloud services and manage the associated risks of the rapidly changing marketplace for cloud services.
- How to ensure that boards of directors and management understand and meet their responsibilities under the FFIEC’s guidance with respect to the use of cloud services.
- Understanding best practices for cloud provider selection and management-including vendor risk assessment and due diligence -is essential for a successful cloud deployment.
- Cloud provider viability matters. Knowing the areas of cloud provider risk and tools for managing the risk-such as effective use of escrows- are among the strategies for mitigating risks associated with cloud provider viability.
- Aligning cloud service level agreements (SLA) with contingency and continuity planning is one of several key considerations in negotiating cloud service SLAs.
James T. Shreve, Attorney,
- Having good terms in the cloud services contract is crucial to meeting the requirements of the FFIEC guidance and ensuring the security of information and systems
- Most standard cloud services agreements have little to nothing about security of the information, far less than for physical storage of data
- Among the most important items to address in the services agreement: Regulatory requirements and examinations; Indemnity; Actual and possible breaches; Access for external forensics and experts; Location of storage; Exiting the cloud
- Leverage can be a significant issue so have alternatives ready
Sue Ulrey, Risk Services Partner,
- Monitoring and Auditing issues
- Continuing ongoing relationships
- SLA 16 and other monitoring tools and industry nuances, nature of transactions, reputational risks
Who Should Attend:
‒ Executives and Senior Officers of Credit Unions, Banks, Thrifts and other Financial Institutions whose
job functions include:
‒ General Counsel, Security Officers, Legal Risk Officers and Administrators, IT Security Officers, Data Security, Risk and Compliance
‒ Attorneys whose practice areas include Finance, IT, Data Security, Cloud Computing and Related Areas
Janet A. Stiven is a business attorney in the Chicago, Illinois office of Dykema Gossett PLLC, past leader of Dykema’s …
James T. Shreve is an attorney in the Washington, DC, office of BuckleySandler LLP where he advises the financial services industry and other clients on privacy and data security issues. His practice includes advising clients regarding compliance with privacy, data and cyber security requirements and he also assists clients in preparing for and addressing regulatory examinations involving privacy and data security issues. He has done significant work relating to privacy and data security issues relating to mobile payments systems and he has assisted clients in addressing hundreds of data security incidents. Mr. Shreve is a frequent speaker at conferences on privacy and data security topics and he has authored several articles on these subjects. Prior to joining BuckleySandler, Mr. Shreve was an attorney in the Privacy & Data Security and Financial Services groups at Goodwin Procter.
James T. Shreve is an attorney in the Washington, DC, office of BuckleySandler LLP where he advises the financial services …
Sue Ulrey is CliftonLarsonAllen’s National Partner for Specialty Advisory Services, including Internal Audit, ERM, Quality Assurance Reviews, and IT Risk Assessments.
She is a highly respected risk management professional with over 20 years of consultant and practitioner experience. Sue’s combination of internal audit, due diligence, ERM, SOX, organizational and process improvement knowledge and her previous experience as a CAE for a Fortune 100 Healthcare organization enables her to bring real life examples to the sessions, with practical guidance to inculcate into your organizational function.
As the former 2010 CBOK Co-Chair, BREA Chairperson, and current Research Foundation Trustee, as well as a distinguished faculty, Sue has been a dedicated IIA volunteer.
Sue is an active public speaker at the Institute of Internal Auditors and other professional and industry forums on internal audit, quality assurance, ERM, contract compliance and adding value topics and has written and co-authored internal auditing articles.
Sue Ulrey is CliftonLarsonAllen’s National Partner for Specialty Advisory Services, including Internal Audit, ERM, Quality Assurance Reviews, and IT Risk …
Print and review course materials
Method of Presentation:
NASBA Field of Study:
Business Management & Organization
NY Category of CLE Credit:
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
Dykema serves business entities worldwide on a wide range of complex legal issues. Nearly 400 Dykema lawyers and other professionals in 13 U.S. offices—many nationally recognized and Chambers-ranked leaders in their area of practice—work in close partnership with clients, from start-ups to Fortune 100 companies, to deliver outstanding results, unparalleled service and exceptional value in every engagement. To learn more, visitwww.dykema.com and follow Dykema on Twitterhttps://twitter.com/Dykema
About BuckleySandler LLP
With nearly 150 lawyers in Washington, DC, New York, Chicago, Los Angeles, and Orange County, BuckleySandler provides best-in-class legal counsel to meet the challenges of its financial services industry and other corporate and individual clients across the full range of government enforcement actions, complex and class action litigation and transactional, regulatory and public policy issues. The Firm represents many of the nation’s leading financial services institutions. “The best at what they do in the country.” (Chambers USA). The Firm is ranked in the Legal 500 for its data protection and privacy practice and is “heralded for providing efficient, effective solutions to complex matters.” (Legal 500).
As a top 10 certified public accounting and consulting firm in the nation, CLA is well positioned to bring you an elite level of knowledge, insight, and industry-specific consultation. CLA is the union of Clifton Gunderson LLP and LarsonAllen LLP, two peer firms who have merged to create a different kind of professional services firm. We are one of the few firms of our size and scope to focus singularly on privately held businesses and public sector organizations—as well as the people at their helm. The growth of CLA has resulted from a strategy of industry and service specialization. For additional information, please reference the Firm’s website: www.CLAconnect.com