Board of Governors of the Federal Reserve System
Federal Deposit Insurance Corporation
Office of the Comptroller of the Currency
Office of Thrift Supervision
FOR IMMEDIATE RELEASE
December 14, 2005
Federal Bank and Thrift Regulatory Agencies Publish Guide to Help Financial Institutions Comply with Information Security Guidelines
The federal bank and thrift regulatory agencies today announced the publication of a compliance guide for the Interagency Guidelines Establishing Information Security Standards (Security Guidelines). The compliance guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations.
The compliance guide provides detailed explanations of the core terms used in the Security Guidelines as well as information to help financial institutions assess risks, design and implement an information security program, properly dispose of customer and consumer information, respond to incidents of unauthorized access to customer information, and oversee service providers that have access to customer information. The compliance guide also lists resources that may be helpful in assessing risks and designing and implementing information security programs.
The compliance guide is not a substitute for the Security Guidelines. The compliance guide addresses only a financial institution's obligations under the Security Guidelines and does not address the applicability of any other federal or state laws or regulations that may pertain to policies or practices for protecting customer records and information.
A copy of the compliance guide is attached. The guide is also available on the
websites of the sponsoring agencies: the Federal Reserve Board; Federal Deposit Insurance Corporation; Office of the Comptroller of the Currency; and Office of Thrift Supervision.