IT-RMP

The FDIC conducts periodic examinations of financial institutions’ information security programs and risk management practices through the Information Technology Risk Management Program (IT-RMP). Examinations can be conducted at all FDIC-supervised financial institutions.

The review includes evaluation of all written policies, procedures and guidelines, analysis of the physical security program, and understanding of internal and external threats to confidential customer information. Examiners also look at the steps the financial institution takes to thwart threats—from vulnerability and penetration testing to formal logging and monitoring, configuration, change and patch management. In addition, examiners review the institution’s employee security awareness program.

Preparing for and going through these examinations can be time-consuming and costly. LBMC Security Services works with financial institutions to plan ahead, bringing our insight into the exam process, addressing concerns and preparing easy-to-find responses before an examination ever occurs. We know evaluation of FDIC IT-RMP compliance, or any compliance for that matter, is not a one-time event and changes can’t be implemented at the last minute—successful compliance requires an ongoing strategy and implementation.