The Office of the Comptroller of the Currency (OCC) has published a so-called work program for the cybersecurity supervision of OCC-supervised institutions (foreign banking organizations, national banks, and federal savings associations). The work program is a kind of manual that provides instructions and guidance to OCC staff members for examining the cybersecurity of in-scope institutions. The document covers various issues in this context, including, among others:
– institutions’ risk management policies and procedures relating to cybersecurity;
– the procedures banks apply to identify threats and vulnerabilities in their cybersecurity measures;
– institutions’ responsiveness to ongoing or emerging threats;
– institutions’ incident response mechanisms;
– practices regarding cybersecurity risk management in the supply chain;
– access control procedures and practices;
– the application of protective technologies to prevent system disruptions and downtimes; or
– the maintenance, content, and completeness of recovery plans.
