Agencies Issue Statement on Cloud Computing Security

With many banks moving some or all employees to remote work arrangements and accessing more cloud-based technologies, the Federal Financial Institutions Examination Council released a statement on risk management principles for cloud computing security. FFIEC noted that the statement does not contain new regulatory expectations but rather highlights examples of risk management practices.

Such practices include those related to governance; cloud security management; change management; resilience and recovery; and audit and controls assessment.

Read an ABA Banking Journal feature on managing risks associated with cloud migration.