Financial Services

Zachs Consulting provides information security and assurance solutions to meet the exact legal and regulatory requirements of the financial services community, point by point. Our Financial Services Security and Assurance Package provides a complete information security and assurance solution that confirms you will comply with your next audit without breaking your bank.

Zachs Consulting covers many pieces of legislation and regulations, including but not limited to:

Sarbanes-Oxley (SOX) - Section 404 of the Sarbanes-Oxley Act (SOX) covers internal controls over financial reporting. This section mandates an annual evaluation of internal controls and procedures for financial reporting that must be certified by the CEO and CFO. Section 404 also requires that an external auditor independently attest to management's assertion on the effectiveness of internal controls, including IT controls, as they relate to financial reporting.

Fair and Accurate Credit Transactions Act (FACTA) - The Fair Credit Reporting Act (FCRA) contains a number of provisions designed to enhance the accuracy and integrity of data in consumer reports. Section 312 of the FACT Act requires federal financial institution regulatory agencies and the Federal Trade Commission to issue guidelines and regulations concerning the accuracy and integrity of information furnished to credit bureaus.

Federal Financial Institutions Examination Council's - Safeguard Standards - Implements safeguard provisions for Section 501 of the GLBA. Requires banks to protect against unauthorized access and anticipated threats or hazards to security or integrity and unauthorized access or use that could result in harm or inconvenience.

Requirements defined in the Information Security IT Examiners Handbook include:

  1. Risk Assessments
  2. Security Strategy and Policy
  3. Security Controls
  4. Security Testing

Federal Financial Institutions Examination Council's - E-Banking - Makes the board and senior management responsible for developing the institution's e-banking business strategy, including cost-benefit analysis, risk assessment, due diligence process, third-party oversight and the Information Security Program.

The Information Security Program must address the following:

  • Ensure compliance with section 501(b) of the GLBA
  • Information Security Controls
  • Authenticating Customers
  • Administrative Controls
  • Legal and Compliance

Regulations defined in the E-Banking Examiners Handbook, August 2003, include:

  1. Information Security Controls
  2. Internal Controls
  3. Business Continuity Controls

Authentication in an Electronic Banking Environment - The guidance focuses on the risk-management controls necessary to authenticate the identity of customers accessing electronic financial services. It also addresses the verification of new customers and the authentication of existing customers. The guidance applies to both retail and commercial customers.

The Federal Deposit Insurance Corporation (FDIC) believes that an effective authentication program should be implemented on an enterprise-wide basis and that the level of authentication used by a financial institution in a particular application should be appropriate to the level of risk in that application. In this guidance, the FDIC does not endorse any particular technology or method of authentication.