Checklists and Samples
The samples and checklists below are written by TrustCC professionals to benefit the information security and financial services community. You may have seen these materials referenced in various trade magazines or publications. While we do not require registration to download the documents, we do appreciate your comments and suggestions for future materials.
Additional samples and checklists are available to clients and prospective clients who ask for additional samples. If you have comments or suggestions, we encourage you to contact us so we can improve our materials.
- Sample TG-3 Procedures .PDF
The sample procedures are intended to help community banks and credit unions comply with "best practices" whether or not they have TG-3 audit requirements.
- Member or Customer Information Security Risk Assessment .PDF (26K)
Our current risk assessment template that ties reasonably foreseeable risks to countermeasures and tests of key controls.
- SAS70 Attestation Review Checklist.PDF (29K)
A new checklist to help financial institutions document their review of vendors with custody of customer or member data.
- Vendor Due Diligence Checklist .PDF (29K)
An accompaniment to the article titled, "Vendor Due Diligence - Filtering Out Security Vendor Rhetoric." While designed for the selection of IT security and audit vendors, the checklist could certainly be used for other vendor types.
- Information Security Policy Framework .PDF (173K)
TrustCC is often asked to provide guidelines for information security policies. This framework incorporates standard security policy topics for a variety of organizations in different industries. Policies should address responsibility, practices and oversight methods for each topic listed.
- Generic BCP Process Diagram .PDF (287K)
One of the biggest challenges in business continuity planning is identifying which systems are critical to operations. This process diagram provides an example of how you might want to diagram your key processes.
- Security Self Testing Guidelines .PDF (173K)
Small financial institutions must comply with the same regulations as larger ones. Some requirements can be quite onerous to the smaller institution. One example is the GLBA requirement to regularly test key controls of the information security program. The TrustCC guidelines associated with this link provide a means to perform some testing with competent internal staff. While following these guidelines will NOT strictly comply with GLBA requirements, smaller financial institutions with very limited fiscal resources may not have a viable option.
Systems Hardening
These system hardening examples are for securing devices (routers and switches, servers and workstations, printers and scanners, etc.) prior to installation for official business.
- Laptop Controls Checklist .PDF (32K)
- Server Controls Checklist .PDF (28K)
- Network Device Controls Checklist .PDF (37K)
- Firewall Controls Checklist .PDF (45K)
If you have questions about using any of these resources, please contact us. We are happy to help!
About TrustCC
Our team of professionals is unsurpassed in their technical ability to evaluate systems security and exploit vulnerabilities. Our IT audit methodology is robust and closely aligned to bank and credit union regulatory guidance. When we make a recommendation you can be sure it is sound, operationally prudent and the right thing to do.
We believe in innovation. Our reports include benchmarking unmatched by any other firm. We deliver our findings and recommendations in a format that facilitates remediation of the issues. The support, checklists and training we provide ensure that the value of our service far exceeds the fees paid.
Our devotion and focus have enabled us to quickly gain market dominance in our home state. Now we are expanding to serve community banks and credit unions throughout the United States.
Greatest Value. Best Service. Un-matched Technical Competency.