Compliance Services
The mission of Deltra Systems’ IT Compliance Department is to provide independent and objective assurance designed to enhance and improve our internal and external customers’ operations. The Department aims to assist Deltra Systems’ clients in accomplishing their objectives by applying a systematic approach to evaluating and assessing risk management, controls, compliance mechanisms, and oversight processes.
Deltra Systems’ IT Compliance Department provides comprehensive services to our clients:
- IT Security Awareness Training
- IT Committee Meeting
- IT Federal / State Examination Audit Support
- IT Reports
- IT Third Party Examination Audit Support
- Vendor Management Review
IT Security Awareness Training
IT Compliance conducts a yearly review of the training courses and phishing email campaigns delivered to our clients. The company uses a KnowBe4 training subscription, through which we subscribe to topics on IT Security Awareness and IT phishing campaigns for our clients.
IT Committee Meeting
IT Compliance conducts a monthly or quarterly IT Committee Meeting with our clients to review any outstanding issues related to IT. The meeting is held on-site or virtually, depending on the client’s request. The meeting minutes are compiled and sent to the client for record retention. The minutes allow IT-related topics to be presented to board members or examiners, covering outcomes and updates to the client’s current technical status.
IT Federal/State Examination Audit Support
IT Compliance provides our clients with Federal (i.e., FDIC, OCC) or State (i.e., Texas Department of Banking) IT Examination Support. The support includes the following:
- Analytical review of prior examination(s)
- Comprehensive responses (if needed)
- Documentation review and support:
  - Action Plan
  - Policies
  - Reports
- On-Site Assistance
IT Reports
IT Compliance compiles and distributes IT-related reports to help identify issues found or provided by our clients. The process is carried out with our Remote Monitoring and Management (RMM) to give a thorough sweep of all systems and ensure information is captured correctly.
The IT Compliance Department Reporting Matrix is listed below:
| Report Type | Due Date | Report Frequency |
| --- | --- | --- |
| Not Installed | 7th Business Date | Monthly |
| Antivirus (AV) | 7th Business Date | Monthly |
| Bomgar | 7th Business Date | Monthly |
| Datto Backup | 7th Business Date | Monthly |
| Resource Utility | 7th Business Date | Monthly |
| Take Control (MSP) | 7th Business Date | Monthly |
| Analysis Findings Summary | 15th Business Date | Monthly |
| IT Calendar | 15th Business Date | Quarterly |
| IPS Firewall Findings | 15th Business Date | Quarterly |
| IPS Review | 15th Business Date | Monthly, Quarterly |
| KnowBe4 | Varies* | Monthly, Quarterly |
| Qualys | Varies* | Quarterly, Monthly, Bi-Annually |
* Report due date varies depending on the campaign and the scans scheduled with clients.
IT Third Party Examination Audit Support
IT Compliance provides our clients with Third-Party (i.e., CoNetrix, Accume Partners) IT Examination Support. The support includes the following:
- Analytical review of prior examination(s)
- Comprehensive Responses, if needed
- Documentation Review and Support:
  - Action Plan
  - Policies
  - Reports
Vendor Management
IT Compliance conducts a monthly review of information for our clients. The company uses Tandem as a system for an external review process. The review ensures all required documents are in the system and notifies the clients to request updated information from their vendors.
IT Compliance conducts a monthly review of the following:
- Business Continuity Plan
- Disaster Recovery
- Business Impact Analysis
- Vendor Management
- Additional Assistance (Reviewed As Needed):
  - Audit Management
  - Reviewing IT Audits and Assessments
  - Compliance Management
  - Cybersecurity Risk Assessment Tool:
    - Cyber Risk Management and Oversight
    - Threat Intelligence and Collaboration
    - Cyber Security Controls
    - External Dependency Management
    - Cyber Incident Management and Resilience
  - Identity Theft Prevention
  - Internet Banking Security
  - Policies
  - Risk Assessment
Optional IT Compliance Support Services
- IT Compliance Support Hourly Rate for services not included in the package: $125.00
- BCP Disaster Recovery Tabletop Test (Call for Quote)
  - Set Bank Goals
  - Select Functions (plans)
  - Select Participants
  - Establish Ground Rules
  - Develop Disaster Scenario (e.g., Natural Disasters, Power Outages, etc.)
  - Confirm Assumptions
  - Conduct Exercise
  - Document/List Key Vendors
  - Document Summary
- Incident Response Tabletop Test (Call for Quote)
  - Set Bank Goals
  - Select Functions (plans)
  - Select Participants
  - Establish Ground Rules
  - Develop Incident Response Scenario (e.g., DDoS Attack, Cyber Attacks)
  - Confirm Assumptions
  - Conduct Exercise
  - Document/List Key Contacts (e.g., Government Agencies, State Regulators, etc.)
  - Document Summary
- Social Engineering Testing (Call for Quote)
  - Email Phishing Test
  - Voice Phishing Test