Information Security Products

Account Auditor for Active Directory
Simplify your network operating system user account review process and reduce IT Audit findings with the Account Auditor for Active Directory.

Financial institutions must perform periodic reviews of Network User Access to ensure that it conforms to the institution’s policies. The Account Auditor for Active Directory works with your Windows® operating system to export and analyze a list of Active Directory accounts to identify the following:

  • Group memberships for each account
  • Dormant accounts
  • Disabled accounts
  • Accounts with passwords that do not expire
  • Accounts with passwords that have not been changed within the past year



Cybersecurity Assessment Workbook
This Excel-based workbook is designed to allow a financial institution to complete the FFIEC’s Cybersecurity Assessment Tool in an electronic format that automatically summarizes the results of the data entered to save the institution time while providing accurate documentation for the assessment. The workbook assists in the identification of the Inherent Risk Profile and the evaluation of the financial institution’s Cybersecurity Maturity Level for the five domains identified by the FFIEC. Financial institutions should consider completing the cybersecurity assessment annually and prior to offering any new products or services.



Cybersecurity Policy
Written to assist all affected directors, officers, and staff in understanding and managing cyber risks. Topics include threat intelligence, situational awareness, risk assessment, inventory log management and monitoring, strategic planning, incident response, change management, staffing, training, and vendor management.



Incident Response Plan
Lays out the steps to be followed should a bank experience a breach of data or loss of customer information. Includes an Incident Response policy, steps to take for specific types of incidents, a sample customer notification letter, and an incident response form.



SSAE-16 Review Checklist
As part of its vendor review process, your bank must conduct an SSAE-16 review for applicable vendors to gauge the controls in place to protect the confidentiality, availability, and integrity of data and processing capabilities. The SSAE-16 Checklist will assist your bank with its SSAE-16 review by providing a list of items to evaluate for each SSAE-16, a method for risk rating the results, and documentation to attach with the overall vendor review.


  1. Customizable SSAE-16 Checklist
  2. Customizable SSAE-16 Control Review
  3. SSAE-16 User Guide



Threat Intelligence Program
This product includes:

  • Threat Intelligence Program: Documents the requirements for the institution’s threat intelligence program, including: threat intelligence sources, the monitoring process, the analysis and response process, documentation requirements, and the reporting process
  • Threat Tracking Summary Worksheet: Microsoft® Excel-based workbook for tracking threat notifications and responses
  • Threat Tracking Detail Worksheet: Microsoft Word-based worksheet for tracking details about the threat analysis and response process performed for each specific threat
  • Information Systems Event Management Policy: Policy template that documents the requirements for information systems event management procedures
  • Event Management Procedures for Specific Systems Worksheet: Excel-based workbook for documenting the event management procedures for each information system



Vendor Risk Management Policy
Provides guidance on managing the risks that may arise from outsourced relationships, including responsibilities, risk assessment, due diligence, contracts, security and confidentiality, controls, business resumption, and monitoring.



Vendor Risk Management Toolkit
Contains all the necessary pieces to successfully manage the risk associated with your vendors, including a Vendor Risk Management Policy, SSAE-16 Review Checklist, and the Vendor Risk Management Workbook.



Vendor Risk Management Workbook
Designed to assist your bank in performing and documenting scheduled reviews of its critical vendors that have access to non-public information. Monitors financial condition, contract/vendor background, controls, performance, and business continuity of your bank’s critical vendors. Provides a centralized location for storing all vendor reviews and an easy-to-use way to document your vendors’ safety and soundness to your board and examiners. Allows you to create Next Review and Cancellation Reminders in your Microsoft Outlook calendar to stay up-to-date with your reviews. Includes an easy-to-use Microsoft® Excel spreadsheet to maintain all vendor reviews and instructions for completing the worksheet.