- The IT Officer's Questionnaire is an essential element of the FDIC's information technology examinations of FDIC- supervised financial institutions.
- A "Vendor Management and Service Provider Oversight" section was added to the questionnaire to reflect potential reliance on outside firms for technology-related products and services.
- New questions were added for payment system risks, including questions relating to the Originating Depository Financial Institution (ODFI), wire transfer, credit card merchant processing, and remote deposit capture.
- All questions now include at least one reference to existing guidance or regulations.
- The summary section for Part 364, Appendix B, Interagency Guidelines Establishing Information Security Standards, was replaced with a reference document that maps applicable questionnaire items to the Guidelines. This reference document will assist financial institution management in conducting self-assessments of their information security programs. Evaluating compliance with the Guidelines is part of every IT examination.
- The IT Officer's Questionnaire must be completed and signed by an executive officer of the financial institution and returned to the FDIC examiner-in-charge prior to the on-site portion of the examination.
FDIC-Supervised Banks (Commercial and Savings)
Chief Executive Officer
Chief Information Officer
Chief Information Security Officer
Chief Compliance Officer
Interagency Guidelines Establishing Information
Uniform Rating System for Information Technology
IT Officer's Questionnaire (PDF Help)
IT Officer's Questionnaire (Word Help)
Senior Examination Specialist Donald Saxinger at
email@example.com or (202) 898-6521
FIL-105-2007 - PDF (PDF Help)
FDIC financial institution letters (FILs) may be
accessed from the FDIC's Web site at
To receive FILs electronically, please visit
Paper copies of FDIC financial institution letters
may be obtained via the FDIC's Public Information
Center (1-877-275-3342 or 703-562-2200).