As IT environments are becoming increasingly complex, more community financial institutions are looking to outsource monitoring and management of some of their entire IT infrastructure. As anyone who has ever been part of a new product or service implementation knows, there are times when certain items seem to fall off the radar. Of course, this does not always happen intentionally. Given the complexity of implementing new products and services, especially a managed IT service, it is likely that steps to address risk/compliance will either be overlooked or postponed to be dealt with at a more convenient time.
This is concerning to me because compliance should be considered and addressed during each step of a managed IT service roll out; before, during and after the process. Initially, incorporating a managed IT service into your network will impact your IT Strategic Plan and Vendor Management service level standards. Specifying and clarifying performance expectations for vendor relationships and measuring to these standards are important risk/compliance objectives as well as examiner expectations. Consider, for example, how a managed IT service will impact your infrastructure needs (current and future), IT and business innovation objectives, and risk/regulatory requirements. These items should be documented in your IT Strategic Plan. Appropriate due diligence must also be completed for managed IT services, especially given the criticality of the service to your institution.
Your existing policies and procedures will certainly be impacted when outsourcing any level of IT management. Changes to your governance structure or assignment of responsibilities are a prime example of this. To expand on this idea a bit more:
At the end of the day, your ability to document your institution’s risk and compliance efforts will prove essential. You should be able to demonstrate to examiners that you have addressed the additional compliance elements that come with sharing IT management with an outside service provider and that you can prove that the vendor is doing the job they contracted to perform for your financial institution. Remember, implementing and overseeing a managed IT service doesn’t stop with deployment. Managed IT services are incredibly beneficial partnerships for community financial institutions looking to improve not only their IT environment, but also business innovation and productivity. Including risk/compliance initiatives as pieces of the managed IT Services puzzle will help to ensure your IT environment is operating at its most effective state.
Stay up to date with the latest people-inspired innovation at Jack Henry.
Learn more about people-inspired innovation at Jack Henry.
Who We Serve
What We Offer
Who We Are