Sheltered Harbor

Sheltered Harbor's purpose is to promote the stability and resiliency of the financial sector and to preserve public confidence in the financial system in the face of an extended systems outage or destructive cyberattack.

How Sheltered Harbor Supports Greater Cyber Resiliency

Regulators across the globe recognize Sheltered Harbor as the financial industry’s standard-setting and certification body for cyber resilience and the long-term health of the financial sector. The Sheltered Harbor approach relies on three pillars:

1. Data Vaulting - Institutions back up both critical customer account data and their other vital data sets each night in the Sheltered Harbor standard format, either managing their own vault or using their service provider. The data vault is encrypted, unchangeable, completely separated from the institution’s infrastructure, including all backups, and it’s controlled by the financial institution.
2. Resiliency Planning - Along with vaulting their data, an organization simultaneously creates a plan to be resilient. Sheltered Harbor has laid out specific playbooks that must be developed and tested before achieving resiliency. Once the plans are developed and tested, certification is awarded, which leads to the third important pillar in the Sheltered Harbor program.
3. Certification - Participants adopt a robust set of prescribed safeguards and controls, which are independently audited for compliance every year. For example, once an organization’s data vaulting is certified, the institution will receive a seal communicating its customer data is protected and will be placed on Sheltered Harbor’s Certification Registry.

Moving quickly after a seismic cyber event is paramount to preserving the public’s confidence in the banking system. Visit the Sheltered Harbor website to start the journey toward cyber resilience certification today.