FFIEC Information Technology Examination Handbook: New Development, Acquisition, and Maintenance Booklet

Summary

The Federal Financial Institutions Examination Council (FFIEC) issued the "Development, Acquisition, and Maintenance" booklet, which is part of the FFIEC Information Technology Examination Handbook. The booklet replaces the "Development and Acquisition" booklet issued in April 2004. The examination procedures in this booklet help examiners evaluate a financial institution's controls and risk management processes relative to the risks associated with the development, acquisition, and maintenance of an institution's systems and components.

Highlights

The booklet

• highlights key risk management practices when developing, acquiring, or maintaining systems and components.
• discusses information technology project management, system development life cycle, and supply chain risk management for systems and components when planning development, acquisition, and maintenance activities.
• addresses the importance of system and software maintenance to an institution's resilience.

The booklet's revised title reflects an increased focus on the development, acquisition, and maintenance activities over the useful life of a system or component.

Further Information

Please contact Norine Richards, Director for Bank Information Technology, at (202) 649-6550.

Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy

Related Links

• "Development, Acquisition, and Maintenance"

Public link

Please use the above public link if you want to share this noodl on another website.