TrustCC, Information Security Consulting & Compliance

• Home
• Industries
  • Financial Services
  • Healthcare
  • Retail
  • Government
  • Service Providers
  • Public Companies
  • Higher Education
  • Professional Services
• Solutions & Services
  • IT Compliance
    • GLBA Compliance
    • HIPAA Compliance
    • SOX 404 Compliance
    • PCI DSS Security Preparedness
    • TG-3 PIN Security
  • IT Audit
    • General Controls Audit
    • FFIEC Audit
  • IT Security Testing
    • Comprehensive Security Assessment
    • Penetration Testing
    • Mainframe Security
  • IT Policy and Program
    • Information Security Risk Assessment
      
    • Incident Response
    • IT Security and Compliance Training
    • Business Continuity Planning
    • Policy and Procedure Development
• Resources
  • Articles
  • Checklists and Samples
  • Presentation Materials
  • Case Studies
    • Penetration Testing Case Study
    • Social Engineering and Phishing Case Study
    • Outsourced IT Audit Case Study
    • Policy Development Case Study
  • Partners
  • Useful Links
• Company Info
  • The TrustCC Advantage
  • Management Team
  • Security/Audit Vendor Due Diligence
  • TrustCC's Internal Controls
  • Client Demographics
  • Code of Ethics
  • Job Openings
  • Contact Us
• News & Events
  • News & Press
  • Seminars and Training

Checklists and Samples

The samples and checklists below are written by TrustCC professionals to benefit the information security and financial services community.  You may have seen these materials referenced in various trade magazines or publications.  While we do not require registration to download the documents, we do appreciate your comments and suggestions for future materials.

Additional samples and checklists are available to clients and prospective clients who ask for additional samples.  If you have comments or suggestions, we encourage you to contact us so we can improve our materials.

• Member or Customer Information Security Risk Assessment .PDF (26K)
  Our current risk assessment template that ties reasonably foreseeable risks to countermeasures and tests of key controls.

• SAS70 Attestation Review Checklist.PDF (29K)
  A new checklist to help financial institutions document their review of vendors with custody of customer or member data.

• Vendor Due Diligence Checklist .PDF (29K)
  An accompaniment to the article titled, "Vendor Due Diligence - Filtering Out Security Vendor Rhetoric."  While designed for the selection of IT security and audit vendors, the checklist could certainly be used for other vendor types.
  

• Information Security Policy Framework .PDF (173K)
  TrustCC is often asked to provide guidelines for information security policies. This framework incorporates standard security policy topics for a variety of organizations in different industries. Policies should address responsibility, practices and oversight methods for each topic listed.

• Generic BCP Process Diagram .PDF (287K)
  One of the biggest challenges in business continuity planning is identifying which systems are critical to operations.  This process diagram provides an example of how you might want to diagram your key processes.

• Security Self Testing Guidelines .PDF (173K)
  Small financial institutions must comply with the same regulations as larger ones.  Some requirements can be quite onerous to the smaller institution.  One example is the GLBA requirement to regularly test key controls of the information security program.  The TrustCC guidelines associated with this link provide a means to perform some testing with competent internal staff.  While following these guidelines will NOT strictly comply with GLBA requirements, smaller financial institutions with very limited fiscal resources may not have a viable option.

If you have questions about using any of these resources, please contact us.  We are happy to help!