Overview

We focus our credit union solutions on the security regulations administered by the various federal and state regulatory agencies. Regulatory policy requires the credit union to have a comprehensive security policy that outlines proactive and ongoing programs aimed at:

1. Prevention  
2. Detection
3. Response

Electronic banking is a way of life for most credit unions and for rapidly growing numbers of consumers, therefore posing significant risk to the insured credit union.

To insure adequate privacy protection and information technology security for credit unions and consumers, federal agencies that regulate credit unions cooperated in developing Safety and Soundness Examination Procedures for electronic banking to be used by agency examiners in auditing banking operations. The National Credit Union Administration (NCUA) Regulation (Reg) 748 added supplementary requirements aimed at safeguarding member information. In turn, the credit union regulatory agencies levied specific requirements as a result of Reg 748. The Regulation requires that credit unions inform members about their privacy policies and give them a choice regarding when that data may be shared with third parties.

In addition to establishing a set of Privacy Rules to implement the privacy provisions, Congress also directed the establishment of the Privacy Guidelines, "appropriate standards relating to administrative, technical and physical safeguards" to:

1. Insure the security and confidentiality of customer records and information
2. Protect against any anticipated threats or hazards to the security or integrity
   of such records and information
3. Protect against unauthorized access to or use of such records or information,
   which could result in substantial harm or inconvenience to any customer

Like the Privacy Rules, the Privacy Guidelines must be implemented. Pivot Group is dedicated to protecting today's businesses from the multitude of current and emerging security threats, and has developed a Reg 748 compliance offering that incorporates analysis and implementation of the following elements:

• Restricting access to information to only authorized individuals (both internally and
  externally)
• Restricting access to physical locations where information is stored
• Encryption of electronic information
• Procedures to insure coordination of all security efforts
• Dual control procedures (meaning two people acting together to access information)
• Background checks for employees with access to member information
• Maintaining systems that detect actual and attempted intrusions into member
  information
• Response programs for suspected unauthorized access
• Protection against loss or damage to information by environmental causes

Pivot Group's solutions and look, plan, act, repeat methodology logically manage the many complex issues relating to an effective security strategy for Credit Unions.  Contact us today to discuss your current situation and industry requirements.

• Security Strategy
• Risk Assessments
• Security Audits
• Reg 748 Compliance
• FFIEC Guidelines Compliance
• Data Policy and Protection
• Policy Development & Implementation
• Training
• Technology Recommendations and Deployment
• State & Federal Audit Preparation
• Supervisory Committee Monitoring & Audit Programs

For a printer-friendly version of the above information, please click here.

For more information about Information Security and Credit Unions, please refer to our Resource Guide.