Finding #6

Description *

Priority (1-4) Category 1 Category 2

Formatted Text *

Absence of Hardware and Software Lifecycle Management

Severity Level: Priority 1
Category: Asset Management / IT Operations
Description:
No system exists for tracking hardware and software lifecycles or assets, leading to outdated equipment and software without a replacement plan.

Impact:

Increased risk of using unsupported, vulnerable hardware and software.
Non-compliance with asset management standards, risking penalties.
Inefficient resource allocation due to lack of lifecycle planning.
Potential downtime from untracked hardware failures.

FFIEC Reference:

FFIEC IT Examination Handbook (November 2016):

“Institutions must maintain a lifecycle management plan for hardware and software.” (p. 21)
“Asset tracking ensures timely replacement and compliance.” (p. 22)

Recommendations:

Develop Lifecycle Plan: Create a system to track hardware and software lifecycles.
Implement Asset Tracking: Deploy an asset management tool for inventory control.
Schedule Replacements: Plan for timely upgrades of end-of-life assets.
Audit Assets: Conduct regular audits to ensure accurate tracking.

<h2 style="margin: 0in; font-size: 14pt; font-family: Arial, sans-serif; color: rgb(89, 89, 89); letter-spacing: 0.25pt;">Absence of Hardware and Software Lifecycle Management<o:p></o:p></h2>Severity Level: Priority 1 Category: Asset Management / IT Operations Description: No system exists for tracking hardware and software lifecycles or assets, leading to outdated equipment and software without a replacement plan.<o:p></o:p>Impact:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Increased risk of using unsupported, vulnerable hardware and software.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Non-compliance with asset management standards, risking penalties.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Inefficient resource allocation due to lack of lifecycle planning.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Potential downtime from untracked hardware failures.<o:p></o:p></li></ul>FFIEC Reference:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">FFIEC IT Examination Handbook (November 2016):<o:p></o:p></li><ul type="circle" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">“Institutions must maintain a lifecycle management plan for hardware and software.” (p. 21)<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">“Asset tracking ensures timely replacement and compliance.” (p. 22)<o:p></o:p></li></ul></ul>Recommendations:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Develop Lifecycle Plan: Create a system to track hardware and software lifecycles.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Implement Asset Tracking: Deploy an asset management tool for inventory control.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Schedule Replacements: Plan for timely upgrades of end-of-life assets.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Audit Assets: Conduct regular audits to ensure accurate tracking.<o:p></o:p></li></ul>

Back to list