Frequently Asked Questions



Who is eligible to join Sheltered Harbor?

Participation is available to U.S. financial institutions of all types and sizes.

Are financial institutions required to join Sheltered Harbor?

Sheltered Harbor is a not-for-profit, industry-led initiative. Participation is voluntary. We can best protect our customers, ourselves, and the entire U.S. financial system when every financial institution joins and implements the industry developed resilience standards - the only standard and best practices for protecteion of isolated data, relsilience and recovery.

 

Regulators provide guidance in this space, which is complimentary and supportive of Sheltered Harbor:

OCC& FDIC: Cybersecurity: Joint Statement on Heightened Cybersecurity Risk

FFIEC: Financial Regulators include Sheltered Harbor in IT Examination Handbook

FSSCC Business Services Resilience and Restoration Guide

 

How do I get the Sheltered Harbor Specification?

Join today.

The Specification and resources to help with implementation are only available to Participants.

How much does it cost?

Participation fees to join Sheltered Harbor are minimal. Implementation costs vary by size and complexity of institution as well as infrastructure, operations and skills base.

Click here for annual participation fees.

How hard is it to implement Sheltered Harbor?

While effort required varies according to size and complexity as well as pre-existing infrastructure, operations, and skills base, Sheltered Harbor is not especially difficult to implement. Smaller institutions have declared their first Sheltered Harbor milestone in as little as three months, while it takes longer for large, complex institutions.

The key factors are prioritization by top leadership and building a cross-functional team to manage the process. Your team should include operations, technology, information security, risk management, audit and compliance, and other relevant departments.

We’ve developed many resources to help you get Sheltered Harbor Certified as quickly as possible, which you can access as soon as you join:

  • Guides for every step of the process
  • Forums for support and collaboration
  • Training through webinars and live events
  • Reference Architectures to see how others have implemented
  • Technology Solutions such as encryption software (additional fees may apply)
  • Alliance Partners to help build the right plan for your institution

How can I get help implementing Sheltered Harbor?

In addition to the resources available to all Participants on our content portal, we have created alliance partnerships with several select firms to help you plan, implement, and certify.  Through this growing ecosystem of providers, your options to become resilient against cyber attacks are broader, deeper, quicker, cheaper and less risky than building it all independently.

If I use a Service Provider for core processing, do I still need to join Sheltered Harbor?

Yes.  If you use a Service Provider for core processing and elect to use their Data Vaulting Solution, you still need to join Sheltered Harbor to receive the services. You also need to develop your own Sheltered Harbor Resiliency Plan in order to achieve Sheltered Harbor Certification.

The following providers are currently developing Sheltered Harbor Vaulting Solutions: 

If you do not see your provider, please contact them directly. They may have joined Sheltered Harbor, but not yet made public announcements. If they haven't joined Sheltered Harbor yet, either ask them to do so or send us a note with their contact information and we will reach out to them about joining the initiative.

 

How do I contact someone for more details about Sheltered Harbor?

Check out our Fact Sheet for answers to many questions.

Don't hesitate to get in touch for more information.

Email us at info@shelteredharbor.org

Phone: +1 (347) 797-1230

Mailing address:  12120 Sunset Hills Road, Suite 500, Reston, VA 20190