Might also consider obtaining the Technology Service Provider (TSP) report through your regulator. The regulatory exam covering a TSP is similar to an IT General Controls review, but often includes targeted reviews of other areas as well. We've found that the TSP report often paints a different picture than the SOC report. Get with your lead examiner to find out the instructions for obtaining these - they are very specific.
Original Message:
Sent: 03-22-2023 07:38 PM
From: Nikki Uffelman
Subject: Annual Due Diligence
Hello:
Curious as to what others are doing in the financial banking realm relating to a core processor for annual due diligence. Currently, my bank is collecting all due diligence for said core processor: (1) BCP (2) Insurance (3) Financials (4) IRP (5) ISP (6) Physical Security (7) Pen Tests (8) Vendor SOCs (9) Subcontractor's SOCs.
Thank you!