IT Risk Check FAQs
Why was the IT Risk Check software developed?
We believe that there is a real void of "affordable" choices for a bank to address the need to assess its information security and to conduct a formal IT risk assessment. Currently, banks have the option of hiring external consultants at costs starting at $10,000 and up, or attempting to do the compliance review and risk assessment on their own. We believe that most banks should do their own risk assessment and information security compliance review; however, most lack the time and the understanding of how to do it. IT Risk Check was developed as an affordable alternative for those that want to accomplish this internally and be in a position to better manage their internal IT risks and programs.
Why do I need this program?
The Gramm-Leach-Bliley Act (GLBA) mandates that financial institutions establish an adequate written Information Security Program that complies with the guidelines establishing standards for Safeguarding Customer Information mandated by section 501(b) of the GLBA. An important component of GLBA includes evaluating the risk assessment process. IT Risk Check was developed to guide a bank through the tedious process of organizing and conducting a bank systems and policy review of the eight (8) key areas as defined by the FFIEC Handbooks. This includes both an IT and physical risk assessment and a complete GLBA 501(b) safeguarding customer information audit review. Using the IT Risk Check software will save you hours preparing the assessments and reviews that are required and will generate over 20 reports that will assist you in responding to future IT exams and regulator-led information security reviews.
What does the IT Risk Check program do?
IT Risk Check is a software program that consists of a series of modules integrated into one easy-to-use solution. The modules, which help you document an IT risk assessment and GLBA 501(b) review, consist of the following:
- Getting Started Checklist: This comprehensive 22-item checklist will identify the resources and materials you will need during your review.
- Information Systems Review: This section comprises eight (8) review areas, which include information security management, application and vendor management, data and physical security reviews, disaster recovery and business continuity planning, electronic transfer, electronic banking, networking and firewall issues, and operational controls.
- Information Security Risk Assessment: This section of the software organizes and manages your IT and physical systems risk assessment. The IT Risk Check software will guide you through the process of identifying your critical IT systems, data threats, and data sensitivity. This section reviews existing controls, recommends additional controls if necessary, and will assist you in determining a final risk rating by system.
- Safeguarding Customer Information: Documentation is critical to the process, and this section will assist you in documenting your compliance with GLBA in four (4) key sections. They include a written information security program, risk assessment process, oversight of service providers, and the program adjustment process.
Does your firm provide penetration testing and scanning services?
Yes. TruPoint can conduct both external penetration tests and internal vulnerability scans. The results from these tests will be instrumental when documenting threats or vulnerabilities in your information security program.
How is the IT Risk Check software licensed or sold?
IT Risk Check is licensed to each financial institution based on its asset size.
What are the operating system requirements for the software?
The IT Risk Check software is compatible with standard Microsoft Windows based operating systems.
Can IT Risk Check be installed on our network server?
Yes, it can run on a network, in several configurations depending upon your network. Please refer to your installation documents or contact our support department for more help.
How often do I need to do an IT Risk Assessment?
It is mandated that a bank review and update its risk assessment and compliance review of its information security programs and report to the board of directors at least annually. It is recommended that it be updated each time a new system is installed or planned for the bank.
Does it require training and if so, do you offer training?
No. IT Risk Check does not require training. The software is extremely easy to use and user-friendly. First-time users are productive within minutes of loading the software. If you are comfortable navigating Windows, then you will be comfortable with IT Risk Check. Online Help is also available. TruPoint Partners will provide training for the software upon request.
Do you offer technical support?
Yes. We will provide free technical support for the life of the software. As with all TruPoint products, we guarantee your satisfaction. You can call anytime with any issue and we will be glad to help.
Do you offer volume discounts?
Yes. We offer volume discounts. Please call your account manager for more details.
How soon will I receive my product once I order it?
We will send out your software immediately. Call or request a copy of IT Risk Check today.