Blog

Archive for February, 2008

Raising the bar on Guidelines

The Community February 29th, 2008

by Heath Stanley / Security Consultant

If you aren’t getting better, then you are falling behind, and we feel that this applies to the current FFIEC guidelines we use to conduct our controls reviews and risk assessments. So instead of waiting on the FFIEC to release updated guidelines (that probably wouldn’t be as extensive as the scope we use), we are going to improve them ourselves. In the past, we have always audited beyond the scope of FFIEC guidelines, but now we will document it in an improved fashion. To do this we have created a Framework Committee for the following reasons:

1. The FFIEC guidelines aren’t good enough. There are sections of these guidelines that have not been updated for several years, and the guidelines don’t cover increasingly popular technologies such as VoIP or merchant capture. We will incorporate these best practices as well as any new technologies in our new framework.

2. Improved transparency. With our new framework, our controls review will be laid out in plain English so that our clients can see the control that should be in place versus the control that is actually in place. This way our clients will see exactly what we were trying to accomplish by looking at specific controls, and our consultants will have added flexibility to decide which controls apply to which networks.

3. Added efficiencies. At every kickoff meeting we tell our clients that they may be asked the same question by several consultants. Well, we are trying to avoid this by removing redundancies within our current framework. This will reduce time on-site, reduce report sizes, increase transparency in our reporting and, most importantly, take up less of our clients’ valuable time.

4. Ongoing enhancements. As mentioned before, we will now be able to incorporate new technologies into our framework as we see fit, as well as improve our document request list, make E-Reviews possible and basically just improve the overall controls review process. This will be an ongoing process that doesn’t end with a new framework.

Don’t worry, we will still incorporate every line item of the FFIEC guidelines as well as some COBIT objectives and other (FedAdvantage, GLBA) auditing guidelines from the regulators. But now it will just be in an improved format that your auditors, executives and especially your examiners will like more.

Any suggestions for our reporting and new framework? Post up a comment and we’ll bring it up in our next meeting.


Skiing w/ The Garland Group

The Community February 15th, 2008

Hey everybody,

Been a crazy few weeks for The Garland Group and we hope very soon to post a video about our retreat experience that we had last week. For now, however, I wanted to whet your taste buds with a fun little video I posted while we were enjoying a day of skiing. As Heath said, “Getting paid to ski, how awesome is that?!” It’s a little loud and a bit jumpy from the camera view (come on, I was skiing and holding the camera!) but I’m just happy I didn’t wipe out. The amount of fun we had pales in comparison to the amount of good quality improvements we came out of the retreat with… more on that soon.

Have a good weekend everyone!

Brad


Our Video Profiles

The Community February 4th, 2008

Who We Are


Our “Who We Are” video is a brief introduction of each member of The Garland Group. Our company is comprised of many talented individuals with different backgrounds, all of which help make The Garland Group so unique.

What We Do


Our “What We Do” video gives some insight into each Garland Group employee’s duties within the company. Take a minute to learn a little bit about each person’s contributions to our success.

A Bit About Us (Haiku Style)


Want to know more about us on a personal level? Check out our “A Bit About Us” video featuring haikus written by each Garland Group employee. We put on our creative hats for this one.
