Proposed Changes to Uniform Information Systems Rating System
August 6, 1998
Circular No. 11079

To All State Member Banks, Bank Holding Companies, and Branches and Agencies of Foreign Banks, in the Second Federal Reserve District:

The Federal Financial Institutions Examination Council (FFIEC) is requesting comment from the public on proposed changes to the Uniform Interagency Rating System for Data Processing Operations, commonly referred to as the Information Systems rating system. The principal changes proposed by the FFIEC are:

  • To change the name of the rating system to the Uniform Rating System for Information Technology (URSIT) and to reflect changes that have occurred in the data processing services industry and in supervisory policies and procedures since the adoption of the rating system in 1978.
  • To revise the numerical ratings to conform to the language and tone of the rating definitions of the Uniform Financial Institution Rating System, commonly referred to as the CAMELS rating system.
  • To reformat and clarify the component rating description
  • To emphasize the quality of risk management processes in each of the rating components.
  • To add two new component categories - Development and Acquisition; and Support and Delivery - as replacements for Systems Development and Programming; and Operations.
  • To explicitly identify the risk types that are considered in assigning component ratngs.

After reviewing public comments, the FFIEC intends to make appropriate additional changes to the revised URSIT, if necessary, and to adopt a final information technology rating system.

The FFIEC's proposal, as published in the Federal Register of June 6 is available as a pdf file (pdf - 58kb). Comments should be submitted to the Council, as specified in the notice.