Cybersecurity: Joint Statement on Security in a Cloud Computing Environment

Summary

The Office of the Comptroller of the Currency (OCC), along with the other Federal Financial Institutions Examination Council (FFIEC) members,1 today issued a joint statement addressing the use of cloud computing services in the financial services sector. Security breaches involving cloud computing services highlight the importance of bank2 management's understanding of the shared responsibilities between cloud service providers and bank clients. Consistent with the joint statement, the OCC expects banks to engage in effective risk management for safe and sound cloud computing. This statement does not contain new regulatory expectations.

Note:

Note for Community Banks

The joint statement applies to community banks that use cloud computing services.

Highlights

The joint statement

• reminds management about the importance of understanding the division of responsibilities for implementing and managing controls over cloud computing operations that can result in operational failures or security breaches.
• highlights risk management practices and controls for the safe and sound use of cloud computing services.
• provides a list of government and industry resources and references to assist financial institutions using cloud computing services.

Further Information

Please contact Kevin Greenfield, Deputy Comptroller for Operational Risk, at (202) 649-6550. Grovetta N. Gardineer Senior Deputy Comptroller for Bank Supervision Policy

Related Link

• "Joint Statement on Security in a Cloud Computing Environment" (PDF)