The rise of technology over the last decade has exacerbated this issue, as each new or updated technology solution brings with it a new set of risks. This is the nature of technology as it serves an ever-fluid existence of rapidly maturing software and hardware remedies to challenging business requirements. The speed at which both new products appear and new enhancements to existing products are applied makes evaluating and monitoring technology risk a daunting task.
For example, the Sarbanes-Oxley Act is only a year old, yet already dozens of manufacturers have released software products to help bank management comply with it. All of these products were also developed with expediency to capitalize on the new market the act instantly created. What about security? Was there time to incorporate an active security plan within the development process?
This is why technology partners need to be just that, partners.
Banks just have to remain continually mindful that the current market rewards those third parties who react the fastest, not necessarily the best. Bank managers must also remind themselves that, under current law, outsourcing to vendors does not transfer the bank’s responsibility to satisfy regulations.
As more vendors become savvy to the implications of newer regulations, we are witnessing more of them add clauses and addenda to the contract to either limit accountability or sidestep participation altogether.
Today, contracts with vendors must be specific about the bank’s regulatory obligations; they can no longer be left unmentioned or implied.
More info: http://www.bankinfosecurity.com/?q=node/view/461