Become a member

Our strategic plan.
Your cyber profile.

CRI serves the financial services ecosystem by maintaining the CRI Profile, and by expanding its use to every corner of the industry. To date, the Profile is used by 100+ firms on 4 continents and, over time, we intend for those numbers to grow exponentially.

As we grow the user base, we will also augment the Profile with the integration of cybersecurity-related standards for emerging technologies (e.g., AI, cloud tech), privacy, financial digitalization, and resilience.

The CRI Profile’s Strategic Plan.

2022-2024

We’ll work to expand the depth of the Profile through the incorporation of maturity, cloud controls, and additional cyber controls related to incident response and operational resilience. We will work on developing training materials for members. With respect to cloud, we have integrated the Cloud Security Alliance’s (CSA) Cloud Control Matrix (CCM) into the Profile.

2024-2025

As the Profile becomes increasingly adopted in the financial industry ecosystem, we will explore the addition of template security policies and potentially model contract language for third-party engagements. During this time, we will remain committed to the continued education of regulators and firms on the value and benefits of the Profile.

2026 AND BEYOND

We will explore the potential to offer formal Profile certification and training, and assistance to other sectors in the development of their own Profile-based frameworks. Additionally, we plan to incorporate cyber requirements related to third-party engagements, privacy, operational resilience, and quantum computing into the Profile and its extensions.

Focus on the future.

Our strategic plan includes four main areas of focus for the CRI Profile.

Add Functionality to the Profile

NEAR-TERM

Update the Profile regularly

Develop benchmarking program.

Incorporate risk taxonomy.

MEDIUM-TERM

Develop policies, procedures, and organizational chart templates for users.

LONG-TERM

Develop a training and certification program.

Map Additional Cyber-Related Requirements

NEAR-TERM

Sustain planned revision cycle.

Expand cyber-related controls (e.g., cloud, incident response, privacy, technology).

MEDIUM-TERM

Explore mapping automation capabilities.

Implement automated mapping capabilities.

LONG-TERM

Work with other sectors to develop Profile-like approach.

Drive Profile Acceptance

NEAR-, MEDIUM-, AND LONG-TERM

Sustain and increase pace of regulatory engagements.

Raise CRI Profile awareness via select events.

Educate/engage policymakers
(e.g., legislative and regulatory bodies).

Expand Profile Use

NEAR-TERM

Develop training materials for implementation and use.

Hold regular Master Classes for members.

Create blogs and host webinars.

Expand Profile market presence through through Affiliate and Innovator Programs.

MEDIUM-TERM

Enhance the financial ecosystem through strategic partnerships.

LONG-TERM

Develop educational materials for Board reporting using the Profile.

BACK TO TOP

Membership is open to all organizations within the financial services sector.