The IT Law Wiki


Federal Financial Institutions Examination Council, FFIEC IT Examination Handbook (full-text).


The Handbook is composed of 12 booklets designed to help examiners and organizations determine the level of security risks at financial institutions and evaluate the adequacy of the organizations’ risk management. Examiners rely on these booklets in addition to the Gramm-Leach-Bliley Act and Fair Credit Reporting Act of 1970 guidance when examining the integrity of an institution's information privacy and security procedures.

Some of these booklets help examiners oversee financial institutions’ use of information resellers and other third-party technology service providers by addressing topics such as banks’ outsourcing of technology services and banks’ supervision of their technology service providers.

Examiners use these booklets to oversee the soundness of their institutions' technology services and to address information security issues posed by third-party technology service providers such as information resellers.