A closer look at the I in AIO

Happy Monday, compliance friends! We know how much you all love a good series, so here you go!

A couple of weeks ago we blogged about the Federal Financial Institutions Examination Council’s (FFIEC) recently issued Architecture, Infrastructure, and Operations (AIO) booklet. Shortly after, we published a blog to take a closer look at what architecture means and FFIEC’s expectations for managing risk associated with architecture. Today’s blog will discuss the infrastructure portion of the booklet and outline a few forms of risk management suggested by the FFIEC.

As explained in the previous blog, “architecture describes how credit unions design the use of hardware and software to achieve their business goals.” Infrastructure is the hardware, software, and other elements that should fit into the strategic architectural design laid out by the credit union. The booklet explains, “IT infrastructure includes hardware, network and telecommunications, software, IT environmental controls (e.g., power and HVAC), and physical access that allow for an enterprise IT environment’s operation and management.”

Below are the essential components of a credit union’s IT infrastructure and tips on how management can keep each component safe and secure.

 

continue reading »