PREVENT
Network
- Firewall and bastion controls
- Network controls
- Blacklisting
- Penetration testing
Host
- Build and hardening procedures
- Data loss prevention
- Desktop protection
- Email security
- Whitelisting
Application
- Enterprise Project Management methodology
- Application security
- Static application security testing
- Dynamic application security testing
- Application penetration and vulnerability testing
Data
- Access/authentication management
- Vulnerability scanning
DETECT
- Egress monitoring
- Security event monitoring
- Threat intelligence
RESPOND
- Incident response
- Business continuity
- Disaster recovery
FIS Continuity Program
- Adequate business and technology recovery plans
- Capabilities to manage recovery operations
- Identification of resiliency risks and rapid response during a DR event
- ISO 22301, the International Standard for Business Continuity Management. FIS achieved ISO 22301 certification for 11 US data centers and is expanding coverage internationally.
- Private Sector Preparedness Program sponsored by the U.S. Department of Homeland Security.
- Federal Financial Institutions Examination Council (FFIEC) Handbook.
- FIS internal audit reviews
- SOC1 and SOC2 assessment
- FFIEC audit reviews
- Client audits
- Dedicated FIS Continuity Office (CPO)
- Dedicated Business Continuity Managers
- Continuous training/education
- Based on ISO 22301 standards and FFIEC requirements
- Tested as part of the SOC1 and SOC2 audit process
- Regular threat and vulnerability risk assessment
- Comprehensive test program with client participation
- Governance by the FIS CPO
- Minimum N+1 resilient infrastructure
- Dual site data center configuration
- Daily off-site, encrypted backups (disk-to-disk technology)