CastleGarde utilizes a tiered approach and methodology for ongoing assessment, development, and support of the Information Security Plan that is specific to your needs and requirements. We strictly adhere to the requirements defined by NCUA regulations (12 CFR Part 748.0, Appendix A – Guidelines for Safeguarding Member Information and Appendix B – Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice).
As defined by CastleGarde, and increasingly used as a standard reference within the security industry, the following terminology will be used in the development of the policy and standards framework:
- Information Security Policy and Procedures Review GAP Analysis will be performed and documented. This comparison of existing policies and procedures relative to required policies and procedures will provide a roadmap for the development of the Information Security Standards and Procedures (Information Security Plan).
- Information Security Policy is a high-level policy document incorporating NCUA requirements. This document is approved by the Board of Directors as the overall Credit Union Information Security Policy.
- Information Security Standards and Procedures address the acceptable level of security for each topical area outlined in the policy and describe how to implement and monitor the required level of information security, as outlined in the standards. Standards define the level of security based on specific technology, site implementation, mechanics and/or vendors. Standards also define the authorized and appropriate use of information technology within the site in clear alignment with compliance (regulatory) requirements. Procedures map directly to the standards and specify the step-by-step directions for complying with those standards.
- User Guidelines are an abbreviated version of the Information Security Standards and Procedures. As a part of your internal processes, CastleGarde builds a set of User Guidelines based upon your Information Security Standards and Procedures. These guidelines provide quick access to key information used frequently by most employees. This document should be provided to each employee of the Credit Union.
Deliverables: Information Security Policy Plan Development
CastleGarde will deliver a full hardcopy and electronic version of the following on a CD in a standard, machine-readable format (Microsoft Word 2003, Microsoft PowerPoint).
- Information Security Plan – Board Level GAP Analysis Report
- Information Security Plan – Board Policy
- Information Security Standards and Procedures document
- Information Security User Guidelines
- Information Security Plan – Board Presentation (if desirable to the credit union)
- On-site Training
- Web-based Training
- Annual updates/changes to all aforementioned documents as required by regulatory bodies over the life of the contract.