Secured by Design

3LINE

DEFENSE MODEL

Following the operational risk standards set by Basel II and adhering to other regulatory guidelines.

PREVENT

Network
  • Firewall and bastion controls
  • Network controls
  • Blacklisting
  • Penetration testing
Host
  • Build and hardening procedures
  • Data loss prevention
  • Desktop protection
  • Email security
  • Whitelisting
Application
  • Enterprise Project Management methodology
  • Application security
  • Static application security testing
  • Dynamic application security testing
  • Application penetration and vulnerability testing
Data
  • Access/authentication management
  • Vulnerability Scanning

DETECT

  • Egress monitoring
  • Security event monitoring
  • Threat intelligence

RESPOND

  • Incident response
  • Business continuity
  • Disaster recovery

FIS Continuity Program

The Continuity Program Office (CPO) oversees FIS' ability to provide:
  • Adequate business and technology
  • Recovery plans
  • Capabilities to manage recovery operations
  • Identification of resiliency risks and rapid response during a DR event
The FIS Business Continuity Framework is based on:
  • ISO 22301, the International Standard for Business Continuity Management. FIS achieved ISO 22301 certification for 11 US data centers and is expanding coverage internationally.
  • Private Sector Preparedness Program sponsored by the U.S. Department of Homeland Security.
  • Federal Financial Institutions Examination Council (FFIEC) Handbook.
The FIS Business Continuity program is closely audited at multiple levels:
  • FIS internal audit reviews
  • SOC1 and SOC2 assessment
  • FFIEC audit reviews
  • Client audits


PEOPLE
  • Dedicated FIS Continuity Office (CPO)
  • Dedicated Business Continuity Managers
  • Continuous training/education
PROCESS
  • Based on ISO 22301 standards and FFIEC requirements
  • Tested as part of the SOC1 and SOC2 audit process
  • Regular threat and vulnerability risk assessment
  • Comprehensive test program with client participation
  • Governance by the FIS CPO
TECHNOLOGY
  • Minimum N+1 resilient infrastructure
  • Dual site data center configuration
  • Daily off-site, encrypted backups (disk to disk technology)