Sheltered Harbor is the not-for-profit, industry-developed standard for protecting and recovering customer account data if a catastrophic event causes critical systems - including backups - to fail.
Sheltered Harbor's purpose is to promote the stability and resiliency of the financial sector and to preserve public confidence in the financial system in the face of an extended systems outage or destructive cyberattack.
The Sheltered Harbor standard combines secure data vaulting of critical customer account information and a resiliency plan to provide customers timely access to their data and funds in a worst-case scenario.
In many cases your core processor may provide a Sheltered Harbor solution. Please read ICBA's Core Processor Guide.
Industry Response — Resiliency standards established by the financial services industry ensure that consumers receive timely access to their accounts in the event that their bank or brokerage firm becomes inoperable due to a major cyber event.
Standard Data — All participating institutions make a daily copy of the consumer’s account data in a standard format, which enables the restoration of account by another institution or processor in the event of a major loss of operations.
Monitored Regularly — All participating institutions update their adherence reviews to ensure that the Sheltered Harbor standards are exercised consistently and in accordance with Sheltered Harbor specifications.
Secure Vault — Your customers’ account data is archived in a secure data vault that is protected from alteration or deletion. The data will stay intact and accessible if needed-exactly as when it was archived. Think of this as a fall-out shelter for customer data, with each institution providing its own data vault.
Sheltered Harbor participation is currently open to U.S. banks, broker-dealers, and service providers of all sizes.
Joining entitles participants access to the standard, support content and experts to help with implementation, and the knowledge that the institution is being proactive in protecting its customer account data.
