It’s examination time!  Let us help you with your policies and/or answering your IT related questions.  We have helped several credit union write their IT policies for their examiners.    We can provide the following policies which we maintain the copyright to and maintain for you.  The cost for each of these policies in bold are $720 each (listed in Bold below).  Annual updates and reviews are $180/year for each policy.  This cost covers the amount of time each of these policies takes to create/review/update initially and in review each year.   Let us know if you need assistance with any of these polices.

Information Systems and Security Policies which includes:
The purpose of the Information Security Policy is:
– To establish a Credit Union-wide approach to information security.
– To prescribe mechanisms that help identify and prevent the compromise of information and the misuse of Credit Union data, applications, networks, and computer systems.
– To define mechanisms that protect the reputation of the Credit Union and allow the Credit Union to satisfy its legal and ethical responsibilities with regard to its networks’ and computer systems’ connectivity to worldwide networks.
– To prescribe an effective mechanism for responding to external complaints and queries about real or perceived non-compliance with this policy.

This policy covers the following topics:

Information Security Policy
Introduction
Purpose of Policy
Responsibility
Recommended Practices
General Policy
Data Classification Policy
High Risk
Confidential
Public
Access Control Policy
Virus Prevention Policy
Intrusion Detection Policy
Internet Security Policy
System Security Policy
Acceptable Use Policy
Policy Exceptions

Electronic Mail and On-Line Access Policy
Electronic Mail Policy
On-Line Access Policy
Distribution of Policy
Changes to Policy

Systems Password Policy
Policy Application
Password Guidelines
Password Expiration
Exceptions to Policy
Distribution of Policy
Changes to Policy

E-Commerce Policy
Vendor Management
Transmission of Sensitive Data
Regulatory compliance
Data Processor and Home Banking Information Communication

Equipment Disposal Policy
Purpose of Policy
Scope of Policy
Disposal Procedures
Recycling Procedures

Computer Systems Incident Response Plan
Identifying an Incident
Sources of Notification of Incident
Initial Documentation of Incident
Notification of Incident
Incident Response
Incident Report
Incident Response Procedure
Future Incident Prevention
System Restoration
Complete Documentation of Incident
Evidence Preservation
External Notification
Review Incident Response
Contact List

Information Systems Configuration and Vendor List
External Connections
ISP (Internet Service Provider)
Firewall / Routers
Internal Network Equipment
Network Switches and Hubs
Domain Controllers
Data Processing Server
UPS
Network Printers
Hewlett Packard Jet-Direct 170x
User Workstations
Network Diagram

Employee & Board Contact Info
Vendor List
Critical Applications List

Disaster Recovery Policy/ Contingency Plan:
Pervasive use of computer technology and other special function equipment to support essential business functions at financial institutions has created a need for contingency planning and disaster prevention controls. Dependency on information systems and equipment indicate that appropriate contingency plans should be developed and maintained that will ensure the continuity of essential business functions.

Due to these concerns, federal regulatory agencies have released revised guidelines (in the form of memorandums, bulletins, and circulars) which provide a uniform minimum standard for compliance by financial institutions and data processing services.  This contingency plan is intended to fulfill the requirements of the federal regulatory agencies and contain business disruption to an acceptable level subsequent to a disaster at the Northern Indiana Federal Credit Union location.

This policy covers the following topics:

Contingency Plan Scope
Location of Facilities
Plan Elements
Emergency Response
Initial Damage Assessment
Interim Processing
Restart Procedures
Site Restoration
Resumption of Normal Processing
Plan Maintenance
Contingency Plan
Contingency Plan Distribution
Training Responsibilities
Plan Testing
Simulation Testing
Parallel Testing
Full Interruptive Testing
Testing Schedules

Supply / Forms Inventory
Off-Site Storage Rotation Inventory
Emergency Response Team Procedures
General Responsibilities
General Steps to Follow
Checklist for re-establishing Data Processing services
Checklist for re-establishing the network file server
Sample Checklist for Power Outage Emergency
Disaster Recovery Test Log

PANDEMIC INFLUENZA PREPAREDNESS PLAN – ADDENDUM TO DISASTER RECOVERY / BUSINESS CONTINUITY POLICY:
General Policy Statement
Procedures
Pandemic Response Team
Coordinator Duties
Team Member Responsibilities
Preparation
In the Event of Pandemic
Response Stages
Infection Control Measures
Functional Impact Matrix
High Focus Areas Service Maintenance
Communication
Assessment

Standard / Inhouse Risk Assessment:
This Assessment covers a risk assessment for the credit union & building itself including:

Physical Security
    -Server Room
    – Workstation/Laptop Security
    -Data Storage & Destruction
    -Data Backup & Availability
Administrative Security
    -Policy Issues
    -Personnel Security Issues
    -Systems Access Control Procedures
    -Software Acquisition and Licensing Issues
    -Asset Management Issues
    -Vendor Management Issues
    -Security Management Awareness Issues
Technical Security – Operations
    -Change Management Issues
    -System Monitoring Issues
    -Data Transmission Issues
    -Information Disclosure Issues
    -Business Continuity Planning Issues
Technical Security – Network Controls
    -Perimeter Device Issues
    -Network Architecture Issues
    -Device Configuration Issues
    -Wireless Network Issues
    -Remote Access Issues
    -Domain/Network User Access Issues
    -Core Business Application User Access Issues

Mobile Banking Risk Assessment:
This Assessment covers a risk assessment for the Mobile Banking Service for the credit union including:

Physical Controls
Network Controls
Environmental Controls
Data Access Controls