FFIEC Information Technology Examination Handbook: New Development, Acquisition, and Maintenance Booklet
September 5, 2024 / Source: OCC
Summary
The Federal Financial Institutions Examination Council (FFIEC) issued the “Development, Acquisition, and Maintenance” booklet, which is part of the FFIEC Information Technology Examination Handbook. The booklet replaces the “Development and Acquisition” booklet issued in April 2004. The examination procedures in this booklet help examiners evaluate a financial institution’s controls and risk management processes relative to the risks associated with the development, acquisition, and maintenance of an institution’s systems and components.
Note for Community Bank
The booklet applies to the OCC’s supervision of community banks.1
Highlights
The booklet
- highlights key risk management practices when developing, acquiring, or maintaining systems and components.
- discusses information technology project management, system development life cycle, and supply chain risk management for systems and components when planning development, acquisition, and maintenance activities.
- addresses the importance of system and software maintenance to an institution’s resilience.
The booklet’s revised title reflects an increased focus on the development, acquisition, and maintenance activities over the useful life of a system or component.
Further Information
Please contact Norine Richards, Director for Bank Information Technology, at (202) 649-6550.
Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy