IT Controls Review
FFIEC / NCUA / FDIC
Our Information Security Managerial Controls Review (MCR) assesses the organizations security program including:
Information Systems Policies Review and Assessment
Technical Controls and Aggregate Security
Through interviews, documentation review and testing E3 evaluates an organizations adherence to a desired standard. This standard can be a specific security standard (like NIST) or industry best practice. Managerial and operational (policies and procedures) controls are the foundation of all organizational security controls.
IT managerial and operational controls should set the tone for the organization with regard information security. For nearly 20 years E3 has been providing credit unions with GAP assessments for their IT controls based on FFIEC, NCUA and state examination standards.