management and control of risk
In order to manage and control the risks that have been identified, the credit union shall:
- Establish written procedures designed to implement, maintain and enforce the credit union's information security program.
- Limit access to the credit union's member information systems to authorized employees only.
- Establish controls to restrict employees from providing member information to unauthorized individuals.
- Limit access at the credit unions physical locations containing member information, such as buildings, computer facilities, and records storage facilities to authorized individuals only.
- Provide password protection and/or encryption of electronic member information including but not limited to information in transit or in storage on networks or systems to which unauthorized individuals may have access.
- Implement internal control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to member information.
- Monitor the credit union's systems and procedures to detect actual and attempted attacks on or intrusions into the member information systems.
- Establish response programs that specify actions to be taken when the credit union suspects or detects that unauthorized individuals have gained access to member information systems, including appropriate reports to regulatory and law enforcement agencies.
- Implement measures to protect against destruction, loss, or damage of member information due to environmental hazards, such as fire and water damage or technical failures.
- Regularly test, monitor, evaluate, and adjust as appropriate, the information security program in light of any relevant changes in technology, and internal or external threats to the credit union's information security systems.
- Regularly test the key controls, systems, and procedures of the information security program.
- Ensure that all contracts with service providers contain appropriate provisions requiring the service providers to protect the confidentiality of the credit union member's nonpublic personal information. Under no circumstances will we authorize these firms to charge member's accounts without their expressed consent. Navy Army Community Credit Union does not sell or otherwise provide member names or other information to third parties for purposes inconsistent with the credit union's mission
Disclaimer: Navy Army Community Credit Union's web site includes links to third party websites. These links are for informational purposes only and not an endorsement of those products or services. Third party websites accessed by links are not part of the credit union or its website. Be sure you know your privacy rights when offering information to those sites.