Information Security and Compliance Software

Why Tandem?

It's all in the name. CoNetrix Tandem software is an online solution that helps ease the burden of regulatory compliance. We have done the research up front so you can be compliant with information security regulations in much less time. Don't labor over extensive language or over making sure updates are made to all the right documents. Let us work in Tandem with you so you can accomplish your compliance goals.

Who is Tandem for?

Tandem software was built specifically for financial institutions (banks, savings associations, credit unions, and trust companies) to help increase security, stay in compliance, and lower overhead costs. We understand bank employees, especially at community banks, are asked to wear numerous hats, and with the continued increase in compliance burden, it is hard to keep your balance. In the past, we have primarily assisted banks with their security and compliance needs through expensive consulting, but now with CoNetrix Tandem software, you can save time and money without sacrificing information security, cybersecurity, or compliance.

Audit Management Software

CoNetrix Tandem Audit Management software is designed to help financial institutions (e.g., banks, savings associations, credit unions, mortgage companies, trust companies, etc.) manage, track, respond to, report, and conduct any type of audit or exam.

Tandem Audit Management

The Tandem Audit Management software features multiple versions.

  • Audit Standard allows full access to the finding and response manager for entering and tracking the status of responses for any type of audit or exam, including recommendations, responsibilities, and due dates.
    * A complimentary version of this product, Audit Lite, is provided with every CoNetrix audit (limited to tracking CoNetrix security engagements).
  • Audit Pro builds upon the finding and response manager of Audit Standard and allows full access to the audit manager tool which gives the ability to create and conduct audits, including work programs and work papers.

Business Continuity Planning Software

Business continuity and disaster recovery are critical for any company, but especially for financial institutions (banks, savings associations, credit unions, and trust companies). A good business continuity plan (BCP) should help a company or institution avoid losses as well as return to normal operations as soon as possible if an adverse event or disaster were to occur.

Tandem Business Continuity Planning

CoNetrix offers online business continuity planning software to facilitate the development and maintenance of a Business Continuity Plan/Disaster Recovery Plan, following FFIEC, FDIC, OCC, FRB, and NCUA guidance. Use the software to prepare for adverse events such as natural disasters, biological pandemics, technological failures, human error, terrorism, and cyber-attacks.

The Tandem Business Continuity Planning software includes the ability to:

  • Work through an easy to follow process
  • Conduct a business impact analysis (BIA) process with uniform questionnaires
  • Define and develop business process restoration procedures
  • Customize emergency checklists and preparedness controls
  • Send employee alert messages through email, phone, text messages (SMS), and mobile app push notifications
  • Use more than 10 template emergency checklists to get you started
  • Specify emergency meeting locations
  • Document a recovery plan and additional recovery details for equipment
  • Upload supplemental documentation to a secure site for remote backup
  • Easily document business continuity tests
  • Use the Tandem App to quickly access the BCP through a mobile device

Compliance Management Software

Financial Institutions (banks, savings associations, credit unions, and trust companies) have extensive regulatory requirements and compliance tasks. The CoNetrix Tandem Compliance Management software helps you identify, schedule and track important dates impacting financial institution requirements including reporting, audits, training, operations, and compliance.

Tandem Compliance Management

CoNetrix developed an online software tool to help financial institutions, such as banks, credit unions, mortgage companies and trust companies, complete and report on annual and recurring compliance events. The Tandem Compliance Management module is available in two versions.

  • Compliance Management Free helps financial institutions keep track of regulatory and compliance events.
  • Compliance Management Pro builds upon the free version with additional features, including additional download options, document storage, an additional access role, and bulk import capabilities.


The FFIEC released a Cybersecurity Assessment Tool to help financial institutions identify their risks and assess their cybersecurity preparedness.

Tandem Cybersecurity

CoNetrix developed an online software tool to help financial institutions such as banks, credit unions, mortgage companies and trust companies complete and report on the FFIEC Cybersecurity Assessment Tool. The CoNetrix Tandem Cybersecurity module is available in three versions.

  • Cybersecurity Free is an electronic version of the FFIEC Cybersecurity Assessment Tool.
  • Cybersecurity Pro builds upon the free version with additional features, including additional documents, document storage, access roles, and the ability to copy assessments.
  • Cybersecurity Pro + Boost Consulting not only includes all software features, but also provides personal training and consulting services for your employees and Board of Directors.

Identity Theft Prevention Program Software

On November 9, 2007, the Agencies jointly issued final rules and guidelines to implement Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). These rules require financial institutions (banks, credit unions, trust companies, mortgage companies) and creditors to develop and implement a written Identity Theft Prevention Program to detect, prevent, and mitigate identity theft in connection with covered accounts. Additionally, the rules require financial institutions to establish policies and procedures to assess the validity of a change of address.

Tandem Identity Theft Prevention Program

CoNetrix offers online software to help create your Identity Theft Prevention Program document, along with customizable employee training for Identity Theft Red Flags. Our software follows the FDIC, OCC, FRB, NCUA, and FTC (the Agencies) red flag rules and guidelines and enables you to efficiently create a complete Identity Theft Prevention Program.

The Tandem Identity Theft Prevention Program software includes the ability to:

  • Work through an easy multi-step process to create your program
  • Update your information annually
  • Receive new features and updates automatically with your annual subscription
  • Download your program in an editable Microsoft Word document or as an Adobe PDF
  • Utilize a red flags training course, based on your red flags and covered accounts
  • Modify the course's content
  • Manage and enroll an unlimited number of users in red flag training
  • Obtain reports to show who has taken and passed the training
  • Download the red flags training as a Microsoft PowerPoint presentation

Internet Banking Security Program

On June 28, 2011, the FFIEC issued a supplement to the Authentication in an Internet Banking Environment guidance released in October 2005. The purpose of the supplement is to reinforce the guidance's risk-management framework and update the FDIC, OCC, NCUA, and FRB's (collectively, the Agencies') expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online banking environment.

Tandem Internet Banking Security Program

CoNetrix has developed online software to help financial institutions (e.g., banks, credit unions, savings associations) go through the risk assessment process and provide customer awareness and education. The Tandem Internet Banking Security Program is a stand-alone software module integrated with the Tandem Security & Compliance online software.

The program is divided into two components:

  • The Internet Banking Risk Assessment features an easy process with a questionnaire to identify risk levels and help you assign layered controls to mitigate related Internet banking and cybersecurity risk. Your risk assessment is customizable based on your financial institution's unique situation.
  • The Customer Education/Awareness Program will provide your financial institution with the tools to deliver education and security awareness to your customers.

In addition, the Tandem Internet Banking Security software will provide you with account takeover (ATO/CATO) template documents to assist in your annual reporting to the board and documenting of incident response procedures.

Tandem Phishing

As part of employee training, the Agencies (FFIEC, FDIC, OCC, NCUA, and FRB) directed financial institutions to encourage employee awareness and preparation for a variety of social engineering attacks, including phishing email scams.

What is phishing?

According to the FFIEC Information Security E-Banking Booklet, phishing is "a digital form of social engineering that uses authentic-looking—but bogus—email to request information from users or direct them to fake Web sites that request information." Just as technical security is necessary for cybersecurity, employee education plays a role in maintaining cybersecurity. Only employees can save themselves from being victims of a phishing email cyber-attack.

CoNetrix has developed online software to help financial institutions test their employee preparedness to recognize and avoid phishing attacks. Tandem Phishing allows you to:

  • Send an unlimited number of automated phishing emails to your employees
  • Contact employees using unfamiliar or recognizable email addresses
  • Select custom groups of recipients for diverse testing results
  • Use CoNetrix templates or create your own
  • Create unique landing pages for user education
  • Review analytics and download reports

Policies Software

Policies and procedures are the primary method financial institutions (banks, savings associations, credit unions, and trust companies) use to define controls. Too often, after they are developed, they end up sitting on a desk and collecting dust until the next exam.

Tandem Policies

CoNetrix offers an online solution to help you create and maintain your enterprise-wide policies in Tandem.

The Tandem Policies module is populated with an Information Security Policies set, created by CoNetrix security experts and tailored for your institution through a multiple-choice questionnaire.

The Information Security Policies set includes:

  • Content for more than 50 recommended policies, designed to be in compliance with information security and cybersecurity regulations. Template policies include: Change Management, Core Application, Electronic Banking (e-Banking), Incident Response, Intrusion Detection and Prevention, Mobile Devices, Social Media, and Wireless Network Access.
  • The ability to define verification items for each policy and combine the items into meeting agendas for your various committees (e.g., Audit Committee, Security Committee, etc.).
  • A mapping to appropriate regulatory guidance (i.e., FFIEC, FDIC, OCC, FRB, and NCUA). Additionally, Tandem allows you to optionally include references to the following standards:
    • COBIT 4.1
    • NIST SP800-53
    • PCI DSS v3.1

In addition to the Information Security Policies set, you may use the Tandem framework to maintain all of your financial institution's policies. Add your own policy language and assign user access based upon unique categories (e.g., Human Resources, Lending, Operations, etc.). Use global reporting to generate standardized documents, such as an enterprise-wide Acceptable Use Policy (AUP) or your full policy set, ready to share with your employees, auditors, examiners, and Board of Directors.

Risk Assessment Software

The Gramm-Leach-Bliley Act (GLBA) and the Interagency Guidelines Establishing Information Security Standards require financial institutions (banks, savings associations, and credit unions) to establish an Information Security Risk Assessment.

Tandem Risk Assessment

CoNetrix offers an online risk assessment software solution to help banks and credit unions perform an information security risk assessment, per GLBA, as well as individual information asset risk assessments. We designed our software using guidance from the FFIEC, FDIC, OCC, FRB, NCUA, and CFPB. Our web-based risk assessment software is designed in an easy-to-follow format.

Information Security Risk Assessment

The Tandem Information Security Risk Assessment Software includes:

  • A location management tool to assist in identifying likelihood and potential damage based on physical locations
  • A threat questionnaire broken into eight sections to assist in quantifying the likelihood and potential damage associated with threats
  • More than 60 pre-defined "common" threats to financial institutions, including Biological Pandemic, Remote Deposit Capture, Internet Banking System Misuse, and Wireless Emissions Compromised
  • A confidential information management section to manage data classification and data flow and to document the location of customer information and/or vital records
  • A threat management section to manage controls, information security and cybersecurity compliance, impact, and guidance associated with identified threats

Information Asset Risk Assessments

Additionally, the Information Asset Risk Assessments portion includes:

  • Risk assessment framework with control reduction calculation to assist in quantifying the likelihood and potential damage associated with threats
  • Data type management to manage data classification and to document which assets house various data types
  • A threat management component to manage controls, compliance, impact, and guidance associated with identified threats
  • Multiple risk assessment templates for priority assets, including ATM, Mobile Devices, and Social Media

Social Media Management Software

On December 11, 2013, the FFIEC released guidance on behalf of the FDIC, OCC, FRB, NCUA, CFPB, and SLC titled "Social Media: Consumer Compliance Risk Management Guidance." The guidance is intended to help financial institutions understand potential compliance, legal, reputation, operational, and other risks associated with social media. As part of the guidance, it is suggested that each financial institution have a risk management program to identify, measure, monitor, and control risks related to social media.

Social Media Management

The CoNetrix Tandem Social Media Management software will assist financial institutions (e.g., banks, credit unions, trust companies, and mortgage companies) in developing and maintaining a risk management program. In addition to the written program, the Tandem Social Media Management software can help you:

  • Manage your social media profiles with one login.
  • Create a custom review process for authoring, scheduling, and approving posts.
  • Publish to all accounts from one secure site.
  • Track and limit employee access to your social media accounts.
  • Monitor social media sites for posts about your financial institution.

The CoNetrix Tandem Social Media Management software features three components:

  • The Risk Management Program helps develop and manage your financial institution's social media compliance and risk management program, including governance, policies and procedures, third-party management, employee training, oversight, audit and compliance, and reporting.
  • The Publishing tool allows you to create, approve, and manage your social media posts to multiple outlets from one location.
  • The Monitoring tool allows you to track and monitor information posted about your institution.

Vendor Management Software

Financial Institutions (banks, savings associations, credit unions, trust companies) often rely on third parties for different software, products, or services. The use of third parties or service providers does not reduce the responsibility of the Board of Directors and senior management to ensure the third-party products and/or services are safe and sound and comply with applicable laws, regulations, and security best practices. This is accomplished through vendor management.

Tandem Vendor Management

CoNetrix offers an online vendor management software solution to help you manage your service providers. The online Tandem Vendor Management software includes the ability to manage each vendor individually, using the following sections:

  • Contact Information: Include contact information for the vendor and services.
  • Profile: Record important facts about your vendor with the company profile.
  • Services: Assign and maintain services the vendor provides. Optionally conduct a risk assessment on each service and fill out a questionnaire to determine the relationship significance and required documents.
  • Responsibility: Assign employees to vendors so they can manage the updates.
  • Reviews: Conduct and document regular reviews of the vendor, including a general vendor review, covering Quality of Service and Risk Management practices, and more specific reviews, such as SOC Report Reviews or Financial Statement Reviews.
  • Contracts: Manage and review contracts, with the ability to securely store contracts for business continuity purposes. Get automated email reminders about important dates.
  • Documents: Manage and review supporting documents from vendors (e.g., SOC reports, financial statements, proof of business continuity testing).
  • Requests: Send requests for documentation to your vendor contacts and receive responses through Tandem.
  • References: Document and maintain references for a vendor during vendor selection.