COCC TO AUTOMATICALLY PATCH COMMUNITY BANK PCS

AVON, Conn — JUNE 29, 2004 — Declaring war against computer viruses, code errors and software worms, COCC today announced an automated software patching service designed to meet community banking needs. Called “PatchPlus,” the new COCC service implements recent FDIC recommendations for monitoring, testing, installing and reporting on the installation of commercial software patches.

“As community banks increase their dependence on commercial software to support their businesses, tailored software patch management becomes a critical function,” said Brent Biernat, COCC’s managing officer for network services.

A recent FDIC bulletin focused on flaws in commercially developed software because of the security and performance vulnerabilities these flaws have caused in banks. The FDIC bulletin said “some financial institutions have experienced security breaches that could have been prevented through the timely identification and patching of software vulnerabilities.” The same bulletin announced new software patching guidance, which the agency is enforcing through annual examinations.

The FDIC bulletin recommended that each bank monitor its software manufacturers’ alerts, decide which software patches are critical to the bank, test them and install them promptly. This type of program requires technical expertise to understand each new patch in a short amount of time.

Larry Walker, Vice President – Information Technology at $622M Chelsea-Groton Savings Bank in Norwich, Conn., reported, “We have 250 workstations and a goal to install every critical patch as soon as possible. Prior to PatchPlus, that meant one of our people had to work in our office until 2 A.M. patching PCs. That wasn’t cost-effective.”

Walker explained that COCC’s PatchPlus not only updates the bank’s PCs overnight and without human intervention, it provides reports that prove to the regulators that the PCs have been patched. “Each month, we receive a summary of the vulnerabilities discovered plus the patch status of our workstations,” said Walker. “A second report details the software and hardware installed.”

The reports also direct the banks’ workstation maintenance efforts. William Lidestri, Senior Vice President at $220M Windsor Federal Savings, said that he reviews the reports with his network technician to ensure that all workstations are properly patched. “We review the reports monthly to evaluate the status of our patching program and when necessary, the technician determines the appropriate corrective action to be taken in regards to specific workstations. These reports provide us with the information necessary to benchmark our patching efforts as well as ongoing documentation.”

COCC’s Biernat explained that a critical component of the PatchPlus service is testing each patch to ensure that it works with the bank’s teller, platform and back room systems. “This is something that Microsoft and other software vendors simply cannot do,” he explained. “They haven’t a clue what systems are running in banks. We do!”

Once the patch test succeeds, it is installed automatically on a test workstation at the bank. Success at this stage triggers general deployment.

Biernat added that COCC always notifies each bank before patching so, “they know that we’re going to patch the PCs in a certain area such as loan servicing.”

“When we add up the cost of PatchPlus and compare that to the cost of an in-house solution — we know that we’re saving money,” said Windsor Federal’s Lidestri. “PatchPlus provides a cost effective, efficient and timely solution to a critical component of information technology management.”