Nos derniers articles

A joint initiative by the American Bankers Association and the Financial Services Coordinating Council supports expanding cloud deployment while aiming to mitigate associated risks. Published July 29, 2025, the ABA Banking Journal outlines collaboration among federal regulators, banks and major cloud providers (AWS, Microsoft Azure, Google Cloud, IBM). It highlights key risks—such as CSP‑related operational incidents, misconfigurations under shared‑responsibility models, monitoring gaps, tool and talent deficiencies, and market concentration. The article details a voluntary 16‑section reference tool covering audit, supply‑chain risk, contractual provisions, operational resilience and more. It aims to enhance transparency, cyber‑resilience and regulatory alignment in cloud adoption.

This comprehensive report from 𝗘𝗜𝗢𝗣𝗔 provides a 𝗳𝗼𝗹𝗹𝗼𝘄-𝘂𝗽 𝘁𝗼 𝗮 𝗽𝗲𝗲𝗿 𝗿𝗲𝘃𝗶𝗲𝘄 𝗼𝗻 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴, assessing the progress made by 𝗡𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗦𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝗶𝗲𝘀 (𝗡𝗦𝗔𝘀) in strengthening their oversight of 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴 𝘄𝗶𝘁𝗵𝗶𝗻 𝘁𝗵𝗲 𝗶𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲 𝘀𝗲𝗰𝘁𝗼𝗿. It details the 𝗺𝗲𝘁𝗵𝗼𝗱𝗼𝗹𝗼𝗴𝘆 used, the 𝘀𝗰𝗼𝗽𝗲 of the review, and the 𝗲𝘃𝗮𝗹𝘂𝗮𝘁𝗶𝗼𝗻 𝗰𝗿𝗶𝘁𝗲𝗿𝗶𝗮 applied to recommended actions. The document highlights 𝘀𝗶𝗴𝗻𝗶𝗳𝗶𝗰𝗮𝗻𝘁 𝗮𝗱𝘃𝗮𝗻𝗰𝗲𝗺𝗲𝗻𝘁𝘀 by NSAs in areas such as 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗶𝗻𝗴 𝗳𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸𝘀, 𝗻𝗼𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗽𝗿𝗼𝗰𝗲𝘀𝘀𝗲𝘀, 𝗮𝗻𝗱 𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁, with many recommended actions being 𝗳𝘂𝗹𝗳𝗶𝗹𝗹𝗲𝗱 𝗼𝗿 𝗽𝗮𝗿𝘁𝗶𝗮𝗹𝗹𝘆 𝗳𝘂𝗹𝗳𝗶𝗹𝗹𝗲𝗱. However, it also identifies 𝗿𝗲𝗺𝗮𝗶𝗻𝗶𝗻𝗴 𝗴𝗮𝗽𝘀, particularly in 𝗼𝗳𝗳-𝘀𝗶𝘁𝗲 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗶𝗼𝗻 and the 𝗳𝘂𝗹𝗹 𝗼𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝘁𝗼𝗼𝗹𝘀, emphasizing the need for 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗲𝗱 𝗲𝘃𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗼𝗳 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗲𝘀 to ensure effective and continuous oversight of outsourcing arrangements.

A structured IT outsourcing risk management policy is crucial for navigating third-party service complexities. This study proposes a framework integrating IT outsourcing principles with COBIT standards, covering risk identification, analysis, mitigation, and ongoing monitoring. Implementing this policy enhances organizational asset protection, operational continuity, and minimizes outsourcing risks. It improves information security and business process efficiency. This framework provides practical guidance for organizations to effectively manage risks and optimize IT outsourcing value.