Back to Blog

FFIEC Releases AIO Booklet

By Finosec

September 8, 2021

Get notified on new insights from Finosec now!

Be the first to know about new Finosec blogs to grow your knowledge of the cybersecurity governance industry today!

The FFIEC AIO (Architecture, Infrastructure, and Operations) is an update to the operations handbook that was released on June 30, 2021. It doubles the size of the existing operations booklet released in 2004, and provides some considerable changes in regulatory expectations. It includes some expanded guidance from the previous booklet (on items such as hardware and software inventories, and environmental controls) as well as brand new areas of guidance (including increased accountability for board and senior management, third party risk management, and evolving technologies). 

Take a few minutes to watch Finosec Co-Founder and CTO Scott McIlrath’s initial briefing on this update. 

While there is a lot to digest, take Scott’s words to heart: “Don’t panic!” This guidance can feel overwhelming, but we are here to help identify some key takeaways. First and foremost, it’s important to realize that these updates and expectations will be based on the size and complexity of your institution, and is not a “one-size-fits-all” model. Next, this update reveals the burgeoning spotlight on the alignment of goals, strategy, and objectives, data management, and resiliency as they mesh together in your cybersecurity governance. Finally, it is clear that no system or asset is an island, and the focus has shifted from individual considerations to a deeper understanding of the relationships between assets, processes, and third party service providers. 

While there will undoubtedly be more information to come, we hope this video has helped. Don’t hesitate to reach out if you have questions or concerns about this guidance, as well as how Finosec can help out. 

More from Finosec

Partnering for Peace of Mind and Effective Oversight

Partnering for Peace of Mind and Effective Oversight

Pendleton Community Bank, a $700 Million Dollar Bank with 133 Employees in Franklin, WV, led by CEO Bill Loving, faced a critical challenge when their Information Security Officer departed, leaving a significant void in their oversight capabilities. Their goal was clear: establish an effective process for information security governance and cybersecurity oversight to ensure compliance and peace of mind.

Talk To An Expert Now
Talk To An Expert Now 770.268.2765