FIL-52-2020
April 30, 2020
FFIEC Joint Statement on Risk Management for Cloud Computing Services
Printable Format:
Summary:
The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached statement addressing the use of cloud computing services and security risk management principles in the financial services sector.
Statement of Applicability to Institutions under $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-Supervised Financial Institutions.
Highlights:
- Inherent in the use of cloud computing services are shared responsibilities between the provider and the client. The attached document identifies responsibilities financial institutions would have when contracting with cloud computing providers.
- The attached document provides examples of risk management practices for a financial institution’s safe and sound use of cloud computing services and safeguards to protect its customers’ sensitive information from risks that pose potential consumer harm.
- The attached document includes a list of public and private sector resources and references that can assist financial institutions with managing cloud computing services.