Sheltered Harbor

Sheltered Harbor is the not-for-profit, industry-developed standard for protecting and recovering customer account data if a catastrophic event causes critical systems – including backups – to fail. A subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC), its purpose is to promote the stability and resiliency of the financial sector and to preserve public confidence in the financial system in the face of an extended systems outage or destructive cyberattack. The Sheltered Harbor standard combines secure data vaulting of critical customer account information and a resiliency plan to provide customers timely access to their data and funds in a worst-case scenario.  Financial institutions that successfully implement the standard achieve Sheltered Harbor certification. Sheltered Harbor is currently open to U.S. banks, credit unions, broker-dealers, asset managers, industry associations, and core service providers. Visit shelteredharbor.org for more information.

Why Sheltered Harbor?

Industry Adoption

Sheltered Harbor is currently open to U.S. banks, credit unions, broker-dealers, asset managers, and service providers of all sizes, and already has a critical mass of industry adoption.

As of March 2019, participants hold:

Download Brochure | Download Fact Sheet

How it Works: Three Pillars

Data Vaulting

Institutions back up critical customer account data each night in the Sheltered Harbor standard format, either managing their own vault or using their service provider.

The data vault is encrypted, unchangeable, and completely separated from the institution’s infrastructure, including all backups.

Sheltered Harbor Resiliency Planning

Institutions prepare the business and technical processes and key decision arrangements to be activated in the case of a Sheltered Harbor event; where all other options to restore critical systems – including backups – have failed.

They also designate a restoration platform so that if the Sheltered Harbor Resiliency Plan is activated, the platform can recover data from the vault to restore customer funds access as quickly as possible.

Certification

Certification is a critical component of the Sheltered Harbor initiative. Participants adopt a robust set of prescribed safeguards and controls, which are independently audited for compliance with the Sheltered Harbor standard.

Upon completing the requirements for Data Vaulting, the institution will be awarded Sheltered Harbor certification and an accompanying seal, communicating that their customer account data is protected.

How to Join

Sheltered Harbor participation is currently open to U.S. banks, credit unions, broker-dealers, and service providers of all sizes. Joining entitles participants access to the standard, support content and experts to help with implementation, and the knowledge that the institution is being proactive in protecting its customer account data, its own business, and public confidence in the US financial system. To learn more, please click here.

Sheltered Harbor the Organization

Origins

Sheltered Harbor emerged out of a series of public-private cybersecurity simulations known as the Hamilton Series. The conclusion of the exercises was that the financial services industry – and the US economy – could be vulnerable if an attack disabling an individual institution leads to large-scale customer panic.

So leading financial institutions, industry trade groups and large service providers established the Sheltered Harbor initiative to create a system-wide resiliency standard for the scenario in which a financial institution loses its operational capabilities.

Structure

Sheltered Harbor is a not-for-profit LLC, structured as a subsidiary of Financial Services Information Sharing and Analysis Center (FS-ISAC) with an independent board of directors.

It has a core team whose primary functions are to establish the standard, promote adoption to the industry, support implementation, and ensure adherence.

Ecosystem

From the beginning, Sheltered Harbor has enjoyed critical industry support from financial institutions, clearing houses, core processors and industry trade associations including:

More than one hundred subject matter experts collaboratively designed the solution.  The initiative continues to support multiple workstreams, leveraging up to two hundred subject matter experts and industry professionals at any one time, who work together to ensure the Sheltered Harbor model is the gold standard in sector resiliency.

Sheltered Harbor partners with leading global and national advisory and assurance firms to assist with participant implementation.  The number and scope of these partnerships continues to expand as the initiative matures.

Leadership

Sheltered Harbor is governed by its board of directors, comprised of financial institutions of all sizes, clearing houses, core processors and industry trade associations.

The board of directors is led by:

Development and execution of Sheltered Harbor’s strategy is led by: