The mission of the Deltra System’s IT Compliance Department is to provide independent and objective assurance designed to enhance and improve our internal and external customers’ operations. The Department aims to assist the Deltra System’s clients in accomplishing their objectives by applying a systematic approach to evaluating and assessing risk management, controls, compliance mechanisms, and oversight processes.

The IT Compliance Department provides comprehensive services to our clients:

  • IT Security Awareness Training
  • IT Committee Meeting
  • IT Federal/State Examination Audit Support
  • IT Reports
  • IT Third Party Examination Audit Support
  • Vendor Management Review

IT Security Awareness Training

IT Compliance conducts a yearly review of the training courses and phishing email campaigns delivered to our clients. The company uses a KnowBe4 training subscription, through which we subscribe to topics on IT Security Awareness and IT Phishing campaigns for our clients.

IT Committee Meeting

IT Compliance conducts a monthly or quarterly IT Committee Meeting with our clients to review any outstanding issues related to IT. The meeting is held on-site or virtually, depending on the client’s request. The meeting minutes are compiled and sent to the client for record retention. The minutes allow IT-related topics, including outcomes and updates on the client’s current technical status, to be presented to board members or examiners.

IT Federal/State Examination Audit Support

IT Compliance provides our clients with Federal (i.e., FDIC, OCC) or State (i.e., Texas Department of Banking) IT Examination Support. The support includes the following:

  • Analytical review of prior examination(s)
  • Comprehensive Responses, if needed
  • Documentation Review and Support:
    • Action Plan
    • Policies
    • Reports
  • On-Site Assistance

IT Reports

IT Compliance compiles and distributes IT-related reports to help identify issues found or provided by our clients. The process works with our Remote Monitoring and Management (RMM) system to give a thorough sweep of all systems and ensure information is captured correctly.

The IT Compliance Department Reporting Matrix is listed below:

| Report Type | Due Date | Report Frequency |
|---|---|---|
| Not Installed | 7th Business Date | Monthly |
| Anti-Virus (AV) | 7th Business Date | Monthly |
| Bomgar | 7th Business Date | Monthly |
| Datto Back-Up | 7th Business Date | Monthly |
| Resource Utility | 7th Business Date | Monthly |
| Take Control (MSP) | 7th Business Date | Monthly |
| Analysis Findings Summary | 15th Business Date | Monthly |
| IT Calendar | 15th Business Date | Monthly |
| IPS Firewall Findings | 15th Business Date | Quarterly |
| IPS Review | 15th Business Date | Quarterly |
| KnowBe4* | Varies | Monthly, Quarterly |
| Qualys* | Varies | Quarterly, Annually, Bi-Annual |

* Report due date varies based on the campaign and the scans scheduled with clients.

IT Third Party Examination Audit Support

IT Compliance provides our clients with Third-Party (i.e., CoNetrix, Accume Partners) IT Examination Support. The support includes the following:

  • Analytical review of prior examination(s)
  • Comprehensive Responses, if needed
  • Documentation Review and Support:
    • Action Plan
    • Policies
    • Reports

Vendor Management

IT Compliance conducts a monthly review of information for our clients. The company uses Tandem as the system for an external review process. The review ensures all required documents are in the system and notifies clients to request updated information from their vendors.

IT Compliance conducts a monthly review of the following:

  • Business Continuity Plan
    • Disaster Recovery
    • Business Impact Analysis
  • Vendor Management
  • Additional Assistance Reviewing as needed:
    • Audit Management
    • Reviewing IT Audits and Assessments
    • Compliance Management
    • Cybersecurity Risk Assessment Tool
      • Cyber Risk Management and Oversight
      • Threat Intelligence and Collaboration
      • Cyber Security Controls
      • External Dependency Management
      • Cyber Incident Management and Resilience
    • Identity Theft Prevention
    • Internet Banking Security
    • Policies
    • Risk Assessment

Optional IT Compliance Support Services
  1. IT Compliance Support Hourly Rate for services not included in the package: $125.00
  2. BCP Disaster Recovery Tabletop Test (Call for Quote)
    1. Set Bank Goals
    2. Select Functions (plans)
    3. Select Participants
    4. Establish Ground Rules
    5. Develop Disaster Scenario (e.g., Natural Disasters, Power Outages, etc.)
    6. Confirm Assumptions
    7. Conduct Exercise
    8. Document/List Key Vendors
    9. Document Summary
  3. Incident Response Tabletop Test (Call for Quote)
    1. Set Bank Goals
    2. Select Functions (plans)
    3. Select Participants
    4. Establish Ground Rules
    5. Develop Incident Response Scenario (e.g., DDoS Attack, Cyber Attacks)
    6. Confirm Assumptions
    7. Conduct Exercise
    8. Document/List Key Contacts (e.g., Government Agencies, State Regulators, etc.)
    9. Document Summary
  4. Social Engineering Testing (Call for Quote)
    1. Email Phishing Test
    2. Voice Phishing Test