Welcome to FFIEC
IT Examination Handbook InfoBase

Prompt delivery of introductory, reference, and educational training material on specific topics of interest to field examiners from FFIEC members.

IT Booklets

Audit, Business Continuity Planning, Development and Acquisition, E-Banking, Information Security, Management, Operations, Outsourcing Technology Services, Retail Payment Systems, Supervision of Technology Service Providers, and Wholesale Payment Systems.

IT WorkPrograms

Easy to follow procedures to help determine the quality and effectiveness of the financial institution’s IT risk management.

/

Sign up for FFIEC IT Handbook InfoBase Email Updates and What’s New RSS Feed

What's NewLink to a feed containing any updates to the FFIEC IT Handbook InfoBase (e.g., booklets, appendices, and joint statements)

GlossaryDefinitions of terms found in or relating to IT booklet concepts

Laws, Regulations, & GuidanceLink to the regulatory resources by IT booklet and further sorted by regulatory agency

ReferencesThis page contains topical materials that supplement booklet content and are for informational purposes

FFIEC IT BOOKLETS

Access all the resources associated with the individual handbooks

Audit

Guidance to examiners and financial institutions on the characteristics of an effective information technology (IT) audit function

Business Continuity Management

Guidance to examiners on the principles of BCM and approaches of business continuity planning and resilience; and examination procedures to help determine the effectiveness of business continuity and resilience

Development and Acquisition

Guidance to examiners to determine whether an institution effectively identifies and controls development and acquisition risks

Information Security

Guidance to examiners on factors to assess information security risks and procedures to evaluate the adequacy of the information security program

Management

Guidance to examiners outlining the principles of overall governance and IT governance and provides examination procedures to evaluate IT governance and processes for ITRM

Architecture, Infrastructure, and Operations

Guidance to examiners on enterprise-wide, process-oriented approaches that relate to the design of technology within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers.

Outsourcing Technology Services

Guidance and examination procedures for examiners evaluate risk management processes to establish, manage, and monitor third-party service provider relationships

Retail Payment Systems

Guidance to examiners on identifying and controlling risks associated with retail payment systems and related banking activities

Supervision of Technology Service Providers

Outlines the Agencies' risk-based supervisory program and includes the examination ratings used for regulated financial institutions and their third-party service providers

Wholesale Payment Systems

Guidance to examiners on the risks and risk management practices when originating and transmitting large-value payments

Archived Booklets

IT Booklets that have been superseded by a newer revision

HOW TO USE THE IT EXAMINATION HANDBOOK INFOBASE

The IT Examination Handbook InfoBase Home page (this screen) provides users with access to everything in one place. At the top of the screen, across the banner from left to right, users can get to the FFIEC Infobase Home Page, the IT booklets, IT workprograms, Glossary, and the FFIEC Home Page. By hovering over the IT booklets link in the banner, users can select the booklet they want to see, including a page of archived IT booklets. Users can scroll down past the introduction of the Infobase to opt in to receive e-mail or RSS feed updates when changes are made to the Infobase. Lower in the page, the user can access several pages under solid circles including What’s New, Glossary, Laws, Regulations, & Guidance, and References. Finally, the IT booklets are laid out on the screen, with a description of each, and the ability for the user to select the view they choose, from the Table of Contents, the Online View of the booklet, a Download of the booklet, or a Download of the workprogram. At the bottom of the screen, the user can link to a page containing all of the booklets and workprograms available for single or bulk download.

Select Multiple IT Booklets to Download Now