Version 1.2 dramatically expands the reach of the Profile, incorporating key international cyber expectations for the financial institutions.

Today, December 14, 2021, the Cyber Risk Institute (CRI) released Version 1.2 of the Profile: https://cyberriskinstitute.org/the-profile/. The CRI Profile is a widely accepted cyber security regulatory compliance framework. This release is the largest update to the Profile since its original release and the first made since CRI incorporated as an independent organization. The Profile Version 1.2 includes a number of substantial additions, designed to significantly expand the global reach of the CRI Profile. Jason Harrell, Head of External Engagement for DTCC and the Vice Chair of CRI’s new Board of Directors, characterized the release by noting, “each newly included element brings its own value, but this release extends the Profile’s footprint topically and geographically. It is our most ambitious expansion yet and reflects months of work done by leading industry partners, in conversation with the relevant regulatory bodies.”

Concurrent with the Version 1.2 release, CRI also published the companion Profile Workbook, which provides guidance and examples of effective evidence for each of the Profile’s 277 Diagnostic Statements. Barth Bailey of Fulton Bank, who is the new Chair of the CRI Board of Directors, has been a leading contributor to the development of the workbook. He acknowledged, “CRI is designed to serve the financial services ecosystem by maintaining the Profile, and by expanding its use to every corner of the industry. This workbook is a giant leap forward in easing the way for organizations to adopt the CRI Profile. It offers clear guidance and suggestions for every single part of the Profile, which translates to an ever-increasing number of regulatory expectations. The guidance contained here is invaluable and reflects a collaborative process, during which over 100 financial institutions took part. This is a remarkable achievement for the industry and reflects our shared commitment to improving security.”

President of CRI, Josh Magri added that, “We mark the end of 2021 with some of our biggest accomplishments to date. The release of the Profile Workbook and Version 1.2 are the product of hundreds of hours of work – not only by CRI itself, but by leaders across the financial sector and regulatory community. This is a powerful, collaborative approach that has consistently yielded results and provided significant benefits to the wider industry.”

About Cyber Risk Institute: The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations. We’re working to protect the global economy by enhancing cybersecurity and resiliency through standardization. https://cyberriskinstitute.org/

• The CRI Profile is the successor to the Financial Services Sector Coordinating Council (FSSCC) Cybersecurity Profile, a NIST and IOSCO based approach to assessing cybersecurity in the financial services industry.