The Quick Read Protection of consumer financial information Mandated compliance with the FFIEC Guidelines 2 factor authentication requirements Understanding what is required to be logged and the data retention requirements Click Here to download FFIEC Compliance Services (pdf)

Who Needs a FFIEC Compliance Services?

	Companies that handle consumer financial information are required to comply with FFIEC Guidelines.
	Companies that are trying to demonstrate due diligence and compliance with respect to corporate governance and with federal and state mandated regulations.
	Companies that are a financial institutions, business partners or a service provider for a financial institution.

What is FFIEC Compliance Services?

FFIEC Compliance Services provides a repeatable and ongoing process to evaluate the adequacy of system logging as well as the type of information collected. Furthermore, the review of documented security policies and the appropriate management of controls to govern activity monitoring and data retention of security event logs.

Identification of key systems, determine level of logging required and review of established policies that govern the activity.

Arsenal Security Group consultants can assist your organization in determining for your business needs, components to log, what to log, and when to log.

The following are typical logged events:

	Inbound and outbound internet traffic		Internal Network Traffic
	Firewall Events		Intrusion Detection Events
	Network and Host Performance		Operating System Access
	Application Access		Network and Domain Access
	Remote Access via VPN

FFIEC Compliance Services Engagement Process and Deliverables

After an initial call, the Arsenal Security Group Senior Partner will prepare a statement of work within 2 days and we normally can begin an engagement within two weeks. During the engagement we will use interviews, questionnaires, physical tours and technical tools to develop our assessment. We usually use 1-2 consultants in tandem with our Senior Partner to complete an engagement. We will provide an executive summary, a detailed report with all of our findings and recommendations, and a final onsite presentation. Our engagement is not complete until all of our deliverables have been reviewed and accepted by our client.

About Arsenal Security Group
Arsenal Security Group is a security consulting firm that is focused on close client coordination and collaboration. From the initial meeting through the final presentation, one of Arsenal Security Group’s Senior Partners will be the primary contact for all engagement activities. We proactively conduct weekly calls with our client when engaged and meet with clients on a quarterly basis to review and understand their security posture – even when we are not actively engaged on assignment to ensure they are aware of new security risks or regulatory changes they may impact their business.

^^ Top