SERVICES


Lighting the Path to High Performance

   

RedTorch Tech Plan – Our most affordable and efficient strategic technology planning service, as it is delivered via Zoom or Teams.  Includes: 1) survey of the bank’s employees to assess customer and employee satisfaction plus tech utilization; 2) technology assessment of the bank’s operations, business processes, and digital services; 3) review of vendor management effectiveness and tech provider contracts; 4) recommendations designed to improve six primary areas (Customer Experience, Financial Performance, Employee Productivity, Operational Efficiency, Digital Marketing, Cybersecurity and Risk Management); 5) overview of current tech trends in banking; 6) Digital Services Scorecard to monitor customer use trends and transaction volumes; and 7) formal strategic technology plan that clearly communicates objectives, priorities, and responsibilities.  The bank’s formal strategic technology plan is delivered within 24 hours of completing the technology planning session.



RedTorch Tech Plan PLUS On-Site Planning Session – Includes all the features of the standard RedTorch Tech Plan PLUS facilitation of an on-site planning session with bank management.  This on-site session helps all stakeholders get on the same page, in the same room, to discuss the bank’s use of technology and how it supports the bank’s business goals.  The bank’s strategic technology plan is developed live as the planning session progresses and delivered within 24 hours of session wrap-up.



System Selection – Consultation regarding any bank system selection, including Requests for Proposals (RFPs), investment analyses, and vendor profiles.



CEO Tech Advisory – Trusted and independent advice, in plain English, to the bank’s CEO regarding the bank’s use of technology, personnel performance, and vendor value.



Board Education – Informative and educational presentations to the bank’s directorate on a variety of technology, cybersecurity, and risk management issues. Complex issues are presented in layman’s terms with real-world examples instead of hyperbole. Delivered with the business of banking and high performance in mind.



Customer Education – Entertaining and informative programs designed to help the bank’s customers better understand the bank’s role in using technology to deliver services in a safe and sound manner. Educates customers on what they can do to mitigate the risk of Corporate Account Takeover (CATO) incidents and helps promote awareness of how customers can collaborate with the bank to improve their operations.



IT Personnel Coaching – Expert coaching of the bank’s IT personnel to help them understand that the bank is a for-profit business and that technology is a means to an end (a tool) to help the bank perform at a high level while delivering outstanding customer service in an efficient manner. We cover the best practices in bank technology and operations, giving your people the knowledge to succeed.



Contract Review – A review of the bank’s technology contracts to determine notification requirements, terms, and possible price breaks. The goal is to determine if the bank has the best possible vendor relationships and is paying a fair price for the value received. We apply our extensive knowledge of the technology services providers (TSPs) in the banking industry to help the bank secure the best possible arrangements with its providers.



Organizational Review – A review of the bank’s operations and technology organizational structure to determine if the people, processes, and technology are aligned for high performance.



M&A Tech Due Diligence – We assist the acquiring bank in determining the acquired bank’s technology service provider (TSP) relationships, related contracts, costs to terminate such contracts, and the path to converting the acquired bank to the acquiring bank’s systems. Potential pitfalls are examined and highlighted for consideration.



Operational Efficiency Reviews – An analysis of bank operations to identify cost-saving and revenue-generating opportunities.



Speaking Engagements – Access to nationally recognized speakers on the Sawyers & Jacobs team who can deliver customized presentations to your bank or industry group. We offer special consideration to our clients and design seminars and conferences for your employees or customers.



RedTorch Academy-Cybersecurity Board Training – Informative and educational presentations to the bank’s directorate on a variety of technology, cybersecurity, and risk management issues. Complex issues are presented in layman’s terms with real-world examples instead of hyperbole. Delivered with the business of banking and high performance in mind.



RedTorch Academy-Security Awareness Education – Annual Security Awareness Education is required by the Gramm-Leach-Bliley Act (GLBA) as part of a bank’s efforts to safeguard customer information. Such education is also imperative to preserving a bank’s reputation and customer trust.

To maintain compliance with federal and state banking laws, regulations, and guidelines, this online, on-demand, Security Awareness Education session will allow bank employees to view the session on a smartphone, tablet, laptop, or desktop computer. The session allows one to pause and play, setting the pace as desired.



RedTorch Academy-Information Security Officer (ISO) Training – Based upon our live presentation, which is familiar to many bankers across the nation, Sawyers & Jacobs has developed an excellent six-module on-demand training program specifically for Information Security Officers.  Whether you are a new ISO or a seasoned veteran ISO, the information security landscape shifts daily, requiring continuous education and constant diligence.  Staying on top of the latest trends, practical approaches, and regulatory expectations can be daunting.  Let the Sawyers & Jacobs team make your life “ISO-easier” through these entertaining and informative sessions.

Watch Risk Like a Hawk



Artificial Intelligence (AI) Trifecta Package – Developed to provide community banks with a three-pronged approach to AI risk.  Includes facilitation of our AI Risk Assessment (see detail below), our AI Policy, and an AI Board Education Video, available on-demand through our RedTorch Academy online learning platform.



Artificial Intelligence (AI) Risk Assessment – A banking-specific risk assessment designed to address the risk-reward proposition posed by Artificial Intelligence (AI), including threats to customer information, bank intellectual property, copyright violation/plagiarism, third-party risk management/vendor management, data integrity/quality control, corporate governance, and cybersecurity.



Cybersecurity Risk Assessment – Using our customized, proven cybersecurity risk assessment model as part of our RiskRaptor™ system, we help your bank establish its cybersecurity risk appetite and cybersecurity profile while identifying threats and trends, assessing your bank’s specific cybersecurity risk, and offering suggested mitigating controls designed to reduce risk. The Cybersecurity Risk Assessment culminates in a color-coded, comprehensive, practical summary of the bank’s cybersecurity risk. An executive summary is provided for board reporting and examiner presentation.  Includes facilitation of the FFIEC Cybersecurity Assessment Tool (CAT) and the Ransomware Self-Assessment Tool (R-SAT) as part of this comprehensive package.



Enterprise Risk Assessment (ERA) – Using our proven Enterprise Risk Assessment models, we facilitate a high-level, enterprise-wide assessment of your bank’s risk in 14 bank-specific areas. Color-coded and easy to interpret, our ERA is designed to help bank management and the board of directors manage risk within the bank’s risk appetite and navigate a rapidly changing marketplace.



Enterprise Risk Management (ERM) – We offer quarterly reporting and monitoring of the bank’s financial performance to round out an Enterprise Risk Management (ERM) program. Through our alliance with our friends at Seifried & Brew LLC, we offer a practical, community bank-oriented approach to ERM. Schedule a free consultation and receive a copy of our book, The Art of Enterprise Risk Management for Community Banks.



Gramm-Leach-Bliley Act (GLBA) Information Security Risk Assessment – A color-coded, quantitative risk assessment of the bank’s information security in accordance with the GLBA. We ask the right questions and identify the threats that will help your bank reduce risk and establish prudent information security safeguards. Board reporting and consultation are provided.



Information Security Program Updates – Pursuant to Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), all banks are required to have an Information Security Program that is reviewed and approved by the board of directors each year. This program complements the GLBA Information Security Risk Assessment and is an important component in the bank’s GLBA compliance efforts. We help the bank by providing suggested content, updates based on recent trends and requirements, and expert advice on information security safeguards.



Digital Services Risk Assessment – A risk assessment of the bank’s digital services in accordance with regulatory guidelines on such services and related controls such as multifactor authentication. Serves to identify and mitigate risk in this critical area.



Corporate Account Takeover (CATO) Risk Assessment – A risk assessment of the identified threats, likelihood of occurrence, and potential impact of a Corporate Account Takeover (CATO) event on the bank and its customers.



Mobile Banking Risk Assessment – A threat-based risk assessment designed to assess the risk of mobile banking services.



Remote Deposit Capture (RDC) Risk Assessment – Commercial Accounts – A risk assessment per the January 2009 regulatory guidelines for Remote Deposit Capture (RDC). Identifies the latest threats to RDC processes and systems.



Mobile Deposit Risk Assessment – Consumer Accounts – Identifies potential threats to this digital service, provides a quantitative measurement of risk, and establishes mitigating controls to reduce the bank’s exposure to an acceptable level.



Identity Theft Red Flags Risk Assessment – This required risk assessment, per the FACT Act, assists the bank with identifying covered accounts maintained by the bank, recognizing “Red Flags” which should trigger the bank’s ID Theft Prevention Program, and documenting controls the bank has implemented to respond to “Red Flags.”



Cloud Computing Risk Assessment – A risk assessment designed to identify and measure risk regarding cloud computing services, establish mitigating controls designed to reduce these risks, and protect bank and customer information.



Vendor Management Risk Assessment – A detailed risk assessment that aids bank management with classifying vendors based on criticality. This user-friendly risk assessment contains detailed questions that inquire about the bank’s vendors. Once the questions are answered, the risk assessment assists bank management in identifying vendors who may pose a higher risk to the bank’s environment. The risk assessment meets current regulatory guidelines.



RiskRaptor™ Vendor Management Program with Risk Assessment – This 14-point Vendor Management Program is designed to provide oversight of the bank’s key vendors in accordance with current banking laws, regulations, and guidelines. The program allows bank management to establish sound business practices for vendor evaluation, selection, and management.



Social Media Risk Assessment – A color-coded, quantitative risk assessment of threats related to the bank’s use of social media (e.g., Facebook, Twitter, YouTube, LinkedIn).



Instant Issue Debit Card Risk Assessment – A risk assessment designed to help the bank identify and measure risk related to the on-site fulfillment of customer debit cards.



Regulatory Support – Support and consultation regarding IT examination prep, coordination, exit meeting, and response. We will represent your bank in board meetings with examiners and help translate regulatory requirements in the cybersecurity and technology areas while understanding that the bank is a for-profit entity.



IT Exam Prep – We help your bank prepare for its next IT exam by coaching your people on regulatory hot buttons and helping them prepare your documentation for examiner review. We also provide ongoing consultation regarding regulatory issues related to cybersecurity and technology.



Business Continuity Plan Review – Review or development of a bank-wide Business Continuity Plan designed to address natural, technical, and human-caused disasters.



Business Continuity Plan Tabletop Testing – We use our proven model to facilitate a review of multiple disaster scenarios, the bank’s preventive measures, and action plans for each disaster event.  Cybersecurity incident response tabletop testing is also available as a specialized service.



Business Continuity Plan Risk Assessment – A color-coded, quantitative risk assessment of multiple disaster scenarios to determine the most likely and highest risk disasters.



Physical and Environmental Security Review – A review of the Bank’s physical and environmental security designed to strengthen the Bank’s protective measures and safeguards.



Business Impact Analysis – An analysis of key business functions, related timeframes for recovery, and financial impact. This process documents the maximum tolerable downtime (MTD), recovery time objective (RTO), recovery point objective (RPO), and financial impact of each disrupted business function.



Internal Controls Risk Assessment – A risk assessment to assist with the bank’s internal audit planning. The risk assessment process includes identifying key audit areas and determining each area’s risk. This information helps the bank’s internal audit department with audit plan development, audit scheduling, and allocating resources effectively.

Protect the Pack

 

AlphaWolf Scanner™ – Provides quarterly vulnerability scanning to assist bank management in identifying and remediating vulnerabilities on the bank’s internal and external network.  Quarterly internal and external scans are performed to assess the bank’s external network perimeter and internal network for known security vulnerabilities that could be exploited by attackers.  A physical or virtual device is placed on the bank’s internal network to facilitate internal vulnerability scanning.  This service satisfies the guidance in the “Information Security” booklet of the FFIEC Information Technology Examination Handbook for banks to perform periodic vulnerability scanning.  In addition, we use proprietary searches to cross-reference discovered vulnerabilities against the Cybersecurity & Infrastructure Security Agency (CISA) known exploited vulnerabilities database, commercial exploit toolsets, and other publicly available exploit code repositories.  Quarterly detailed reports outlining discovered vulnerabilities and recommended fixes are submitted to bank management.



AlphaWolf Scanner™ PLUS Vulnerability Remediation – Includes all features of the standard AlphaWolf Scanner™ PLUS vulnerability remediation consulting services to assist the bank’s staff with patch management, patch deployment using the bank’s patch management software, and configuration changes for vulnerability mitigation.  Includes unlimited vulnerability rescans within the quarter to verify vulnerability remediation is successful.  Vulnerability remediation consulting time includes up to 80 consulting hours per quarter.



Cybersecurity Assessment – A review of the Bank’s network security posture in accordance with industry best practices. Includes penetration testing, social engineering, and vulnerability scanning. Designed to offer helpful and practical advice to bank management and technical staff. Our team understands the business of banking, the regulatory environment, bank technology service providers, and the most current cybersecurity threats. We apply real-world experience to help the bank mitigate cybersecurity risk in a rapidly changing world where cybercriminals are attacking banks on a 24/7 basis.



IT Review – A review of IT controls in accordance with the Federal Financial Institutions Examination Council’s (FFIEC’s) guidelines and industry best practices. We apply our banking experience to help bank management address the controls necessary to maintain a safe and sound banking operation while complying with applicable laws, regulations, and guidelines, yet competing effectively in an increasingly open and interconnected world.



FedLine Assurance Program Review – A review designed to satisfy the requirements for the annual Security and Resiliency Assurance Program for FedLine Solutions, allowing the completion of the attestation by authorized bank personnel.  The scope of our FedLine Assurance Program Review references framework and security controls highlighted by the Federal Reserve Bank.  Our workstation sample for the testing portion of the review includes up to ten bank machines.



Penetration Testing – Included in a full-scope Cybersecurity Assessment. Testing the bank’s network security by attempting to safely exploit vulnerabilities and offering recommendations for remediation.



Ransomware Readiness Test and Simulation – Evaluates the effectiveness of the bank’s security application(s) at detecting real-world ransomware and mitigating the risk of it running in the bank’s environment.  This test and simulation will use real-world ransomware, not tools designed to “look like” ransomware or to just simulate real ransomware activity.  This test will seek to assess the effectiveness of the bank’s signature and behavioral-based antivirus/antimalware/endpoint detection and response (EDR) software and the bank’s Managed Detection and Response (MDR) provider’s alerting and quarantining capabilities.



External Vulnerability Scanning – Included in a full-scope Cybersecurity Assessment. Assessing the bank’s network perimeter for known security vulnerabilities which could be exploited by hackers. Detailed reporting is provided. A snapshot in time and a one-time scan. Ongoing scanning is available with the AlphaWolf Scanner™ and vulnerability remediation services are available with AlphaWolf Scanner™ PLUS Vulnerability Remediation.



Internal Vulnerability Scanning – Included in a full-scope Cybersecurity Assessment. Assessing the bank’s internal systems for known security vulnerabilities, which could be exploited by hackers, and missing patches, which should be applied to remedy such vulnerabilities.  A snapshot in time and a one-time scan.  Ongoing scanning is available with the AlphaWolf Scanner™ and vulnerability remediation services are available with AlphaWolf Scanner™ PLUS Vulnerability Remediation.



Social Engineering/Simulated Phishing Attack – Included in a full-scope Cybersecurity Assessment. Professionally delivered spear phishing tests designed to test the effectiveness of your bank’s security awareness education efforts and teach your employees how to identify and respond to security threats.



Website Vulnerability Assessment – Included in a full-scope Cybersecurity Assessment. We review your bank’s website for vulnerabilities that could be exploited by hackers to disable, vandalize, or alter your website and its content.



Backup Assessment – An assessment to determine what data is being backed up and what gaps exist that might endanger the bank’s recovery capability.



Cybersecurity Risk Assessment – Using our customized, proven cybersecurity risk assessment model as part of our RiskRaptor™ system, we help your bank establish its cybersecurity risk appetite and cybersecurity profile while identifying threats and trends, assessing your bank’s specific cybersecurity risk, and offering suggested mitigating controls designed to reduce risk. The Cybersecurity Risk Assessment culminates in a color-coded, comprehensive, practical summary of the bank’s cybersecurity risk. An executive summary is provided for board reporting and examiner presentation.  Includes facilitation of the FFIEC Cybersecurity Assessment Tool (CAT) and the Ransomware Self-Assessment Tool (R-SAT) as part of this comprehensive package.



Security Awareness Education – A self-paced presentation that educates bank employees regarding security do’s and don’ts and compliance with bank security policies. Presented in layman’s terms and designed to help your employees do the right thing when they encounter security threats. The training is accompanied by a test designed to reinforce what was learned in the one-hour security awareness presentation.



Cybersecurity Education for Board Members – An informative and educational presentation to the bank’s directorate on one of the most important topics in banking … cybersecurity. Complex issues are presented in layman’s terms with real-world examples instead of hyperbole and sensationalism. Because we teach cybersecurity classes at banking schools, industry conferences, and universities, we are uniquely qualified to deliver this important education to your board of directors.



Cybersecurity Education for Customers – Entertaining and informative programs designed to help customers better understand the bank’s role in using technology to deliver bank services in a safe and sound manner. Educates customers on what they can do to mitigate the risk of Corporate Account Takeover (CATO) and other cybersecurity incidents. Helps promote awareness of how customers can collaborate with the bank to improve their operations. Delivered online or live. Excellent opportunity for community outreach.



Cybersecurity Incident Response Tabletop Test – We use our proven model to facilitate a review of multiple cybersecurity incident scenarios, the bank’s preventive measures, and action plans for each cybersecurity incident event.



Annual Information Security Officer (ISO) Education – This entertaining, informative, industry-specific training will provide the bank’s Information Security Officer with the knowledge and confidence necessary to take on this important responsibility.

Your Hero in Tech



Network Design and Installation – Determining network specifications, designing, and installing the bank’s network and/or related components.



Network Health/Performance Assessment – A review of your bank’s network to assess its health and performance and to provide an early warning of possible disruptions and system failures. Maintaining a network to operate at an acceptable level is akin to one eating right and exercising to avoid a heart attack. Let us give your network the checkup it needs to give bank management confidence that applications will be available and responsive so the business of banking can flow unimpeded.



Tech Support – Expert tech support delivered in a professional, friendly, and responsive manner. We work closely with your IT personnel to help them keep the bank running smoothly with no disruptions or downtime. Our consultants have the advantage of working in numerous banks where we see what works and what doesn’t; which vendors perform as billed and which ones fail on a regular basis; and how the complex components of a bank’s network work together to help the bank perform at a high level.



Server Virtualization Project – Applying the efficiencies and cost-savings of server virtualization on selected bank servers.



Remote Access – Empowering the mobile work force and assisting bank personnel in accessing network resources and bank information from various devices securely and efficiently when away from one of the bank’s physical locations.



Wireless Network Design and Installation – Determining wireless network specifications, designing, and installing the bank’s wireless network and/or related components.



Outlook/Exchange Support – Consultation regarding onsite or hosted (Microsoft 365) Outlook/Exchange configuration, administration, change management, and user support.



Desktop Support – Helping users with desktop issues ranging from operating system support to internet access.



Server Support – Technical assistance with the bank’s application servers ranging from patch management issues to general performance and troubleshooting.



Application Support – Consultation regarding user applications ranging from Microsoft Office to bank-specific solutions.



Infrastructure Support – Support and documentation of the bank’s network infrastructure designed to help bank management use the right hardware, software, and applications to maintain an efficient operation where employees are productive and customers are satisfied.



Backup Assessment – An assessment to determine what data is being backed up and what gaps exist that might endanger the bank’s recovery capability.



Disaster Recovery Plans and Testing – We can help bank management mitigate the risk of excessive downtime as the result of a disaster event. By planning for selected events and testing the bank’s recovery capabilities, we can provide the peace of mind that bank systems can be restored quickly, meeting the bank’s recovery time objectives, recovery point objectives, and maximum allowable downtimes.



Project Management – It is easy to start technology projects but it is difficult to finish them. Many banks suffer from partially or improperly installed systems or systems that were purchased and never installed. Let us help you manage your bank’s technology projects and complete them successfully and completely with desired results.

 

Ready for a Proposal?

Thank you for considering Sawyers & Jacobs LLC as your trusted advisors.  Contact us today to discuss your specific requirements.