Sheltered Harbor
Sheltered Harbor is the not-for-profit, industry-developed standard for protecting and recovering customer account data if a catastrophic event causes critical systems – including backups – to fail. A subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC), its purpose is to promote the stability and resiliency of the financial sector and to preserve public confidence in the financial system in the face of an extended systems outage or destructive cyberattack. The Sheltered Harbor standard combines secure data vaulting of critical customer account information and a resiliency plan to provide customers timely access to their data and funds in a worst-case scenario. Financial institutions that successfully implement the standard achieve Sheltered Harbor certification. Sheltered Harbor is currently open to U.S. banks, credit unions, broker-dealers, asset managers, industry associations, and core service providers. Visit shelteredharbor.org for more information.
Why Sheltered Harbor?
- Built collaboratively by hundreds of the top subject matter experts in the financial industry
- The industry-developed standard for customer data protection and recovery of access to funds when critical systems fail
- Broad industry backing includes major industry associations, service providers, advisory and assurance firms, and regulator support
- Participating institutions already hold the majority of U.S. deposit accounts and brokerage client assets. To protect the entire industry, 100% participation is optimal
- Participation is low-cost and scaled to institution size and scope
- At all times, participants maintain control of their own customer data, plans and processes.
Industry Adoption
Sheltered Harbor is currently open to U.S. banks, credit unions, broker-dealers, asset managers, and service providers of all sizes, and already has a critical mass of industry adoption.
As of March 2019, participants hold:
- 70% of U.S. deposit accounts
- 55% of U.S. retail brokerage client assets
How it Works: Three Pillars
Data Vaulting
Institutions back up critical customer account data each night in the Sheltered Harbor standard format, either managing their own vault or using their service provider.
The data vault is encrypted, unchangeable, and completely separated from the institution’s infrastructure, including all backups.
Sheltered Harbor Resiliency Planning
Institutions prepare the business and technical processes and key decision arrangements to be activated in the case of a Sheltered Harbor event, in which all other options to restore critical systems – including backups – have failed.
They also designate a restoration platform so that if the Sheltered Harbor Resiliency Plan is activated, the platform can recover data from the vault to restore customer funds access as quickly as possible.
Certification
Certification is a critical component of the Sheltered Harbor initiative. Participants adopt a robust set of prescribed safeguards and controls, which are independently audited for compliance with the Sheltered Harbor standard.
Upon completing the requirements for Data Vaulting, the institution will be awarded Sheltered Harbor certification and an accompanying seal, communicating that their customer account data is protected.
How to Join
Sheltered Harbor participation is currently open to U.S. banks, credit unions, broker-dealers, and service providers of all sizes. Joining gives participants access to the standard, support content and experts to help with implementation, and the knowledge that the institution is being proactive in protecting its customer account data, its own business, and public confidence in the U.S. financial system.
Sheltered Harbor the Organization
Origins
Sheltered Harbor emerged out of a series of public-private cybersecurity simulations known as the Hamilton Series. The conclusion of the exercises was that the financial services industry – and the US economy – could be vulnerable if an attack disabling an individual institution leads to large-scale customer panic.
So leading financial institutions, industry trade groups and large service providers established the Sheltered Harbor initiative to create a system-wide resiliency standard for the scenario in which a financial institution loses its operational capabilities.
Structure
Sheltered Harbor is a not-for-profit LLC, structured as a subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC) with an independent board of directors.
It has a core team whose primary functions are to establish the standard, promote adoption to the industry, support implementation, and ensure adherence.
Ecosystem
From the beginning, Sheltered Harbor has enjoyed critical industry support from financial institutions, clearing houses, core processors and industry trade associations including:
- American Bankers Association (ABA)
- BITS, Bank Policy Institute (BITS/BPI)
- Credit Union National Association (CUNA)
- Financial Services Forum (FSF)
- Financial Services Information Sharing and Analysis Center (FS-ISAC)
- Independent Community Bankers of America (ICBA)
- National Association of Federal Credit Unions (NAFCU)
- Securities Industry and Financial Markets Association (SIFMA)
- The Clearing House (TCH)
More than one hundred subject matter experts collaboratively designed the solution. The initiative continues to support multiple workstreams, leveraging up to two hundred subject matter experts and industry professionals at any one time, who work together to ensure the Sheltered Harbor model is the gold standard in sector resiliency.
Sheltered Harbor partners with leading global and national advisory and assurance firms to assist with participant implementation. The number and scope of these partnerships continue to expand as the initiative matures.
Leadership
Sheltered Harbor is governed by its board of directors, comprised of financial institutions of all sizes, clearing houses, core processors and industry trade associations.
The board of directors is led by:
- Chairman Phil Venables, Bank and Senior Advisor (Risk and Cybersecurity)
Development and execution of Sheltered Harbor’s strategy is led by:
- Chief Executive Officer Trey Maust, Co-Founder and Executive Vice Chairman of Lewis & Clark Bank
- President and Chief Operating Officer Carlos Recalde, former CTO of the asset management business at SunGard and FIS