Original Approval: July 30, 2008
GENERAL POLICY STATEMENT
The Credit Union maintains a Web site that is hosted by CU Solutions. All content is developed by the Management Team and maintained by Unity Catholic Federal Credit Union.
The Credit Union offers the following services electronically on the website:
VISA: Link to online access to VISA accounts. Apply for a VISA card.
HOME BANKING: Link to online access to Home Banking network
LOAN: Submit a loan application
1. POLICY AND PROGRAM RESPONSIBILITY
- The Credit Union has established a website team, made up of the following staff, to maintain and monitor the Credit Union’s Web site: Business Development Manager and Management Team. The committee is responsible for maintaining the Credit Union’s Web site operations.
- Any new Web site ideas or initiatives must be reviewed by the Web site Committee, and the Business Development Manager will present any new applications to the Board of Directors for approval.
- Management will establish and provide the Board of Directors with regular reports on its Web site activity and transactions.
2. RISK ASSESSMENT
- The Credit Union will regularly test the efficacy of its E-commerce systems to ensure proper working order and to prevent security weaknesses.
- The Management Team will classify the level of data sensitivity of services, technological and operational changes in E-commerce and maintain a current list of critical risk levels of security, virus detection and protection.
3. COMPLIANCE & LEGAL
The Credit Union ensures that its Web site will comply with all applicable laws and regulations. The Credit Union also monitors all changes in laws and regulations that affect E-commerce, and updates its E-commerce policies, practices, and systems accordingly in a prompt manner.
- The Credit Union has secured bond coverage for all of its Web site policies and procedures. Management has ensured that bond coverage is sufficient in the event of any loss due to an electronic transaction. Bond coverage is regularly assessed to ensure the sufficiency of coverage.
- The Credit Union will provide various Web site contracts and agreements to in-house auditors and federal examiners.
- The Credit Union maintains a Web site privacy disclosure that is available to all members who visit the Credit Union Web site.
- The Credit Union monitors and enforces compliance with its Web site privacy disclosures. In addition, the Credit Union will place appropriate warnings on its Web site, clearly stating that unauthorized access or use of the Web site is not permitted and may constitute a crime punishable by law.
4. AUDIT & CONSULTING SERVICES
- The Credit Union’s Web site activities will be subject to annual independent audits. At a minimum, these reviews will cover Web site security, penetration testing, regulatory compliance, and maintenance.
- The Credit Union management will correct the issues of concern uncovered by the independent audit and/or quality review.
- The Credit Union will regularly require performance testing of its Web site to identify and prevent potential vulnerabilities.
5. VENDOR MANAGEMENT
- The Credit Union has obtained a vendor to install and/or maintain its Web site. The Credit Union has exercised due diligence in selecting its vendor to ensure that proper security measures are in place to protect member account information.
- The Credit Union will develop procedures to monitor vendor relationships to ensure that they continue to meet the needs of the Credit Union (i.e., hardware, software, network services, content accuracy, availability, usability, security, and privacy).
6. MEMBER SERVICE & SUPPORT
- Management will take steps to ensure that staff is adequately trained in order to address member support issues.
- Employees with access to member account information will receive a copy of the Credit Union’s Web site policy and must sign a compliance policy statement (confidentiality and information security) when hired by the Credit Union. Employees will be notified of the importance of maintaining the confidentiality of member account information and will be made aware of the Credit Union’s policies, procedures, standard practices, and disciplinary actions that will be taken against the employee for non-compliance with the Credit Union’s privacy and information security policies and procedures. The Credit Union policy prohibits staff from inappropriately disclosing member account information to any third party.
- The Credit Union limits access to sensitive information to specific employees to ensure confidentiality of member account information. Employees have been trained on the proper procedures for filing reports to the appropriate regulatory and law enforcement agencies. Management will routinely monitor employees for compliance with the Credit Union’s state policies, procedures, and standards.
- The Credit Union has conducted background checks on its employees, and will thoroughly investigate any allegations of employee misconduct.
- Management has implemented procedures and training with employee support, in the event of a termination, transfer, promotion, etc. Employees involved with the Credit Union’s Web site transactions are kept up-to-date with changes in the policies and procedures of the Credit Union.
8. SYSTEM ARCHITECTURE AND CONTROLS
- The Credit Union maintains an inventory of hardware and software to ensure continuity of service in the event of a technological failure, natural disaster, or intentional destruction of its electronic systems. The Credit Union (or its vendor) maintains procedures to allow the Credit Union to restore its previous configuration in the event a software modification adversely affects the Web site.
- The Credit Union has implemented a disaster recovery system as part of its business continuity plan. This system will be monitored regularly and updated as needed as a result of changes in technology, legislation, and infrastructure.
UNITY CATHOLIC FEDERAL CREDIT UNION, INC.
1. SECURITY INFRASTRUCTURE AND CONTROLS
- The Credit Union maintains security measures consistent with the requirements of federal and state regulations, including risk management systems designed to prevent unauthorized access, both internal and external, to member information.
- The Credit Union has procedures in place to protect the member’s information, in the event of natural disasters, intentional destruction, or technical failure.
- Management monitors employees with access to members’ account information to ensure they are in compliance with the Credit Union procedures.
- All member account information is stored on servers protected with Enter Protection Software or Hardware to prevent unauthorized access and/or damage. The protections are monitored on a regular basis to assess potential security weaknesses.
- Access to member accounts is restricted to members through the use of user ID numbers and passwords. Account passwords that are not entered correctly after the Enter Time Period, generally in minutes time will result in an automatic log-off from the session.
- The Credit Union has implemented an intrusion detection system to monitor activity and alert the credit union immediately in the event of a security breach. The Credit Union’s oversight committee has been trained to handle such breaches in a timely and effective manner.
2. PERFORMANCE MONITORING
The Credit Union has established and implemented performance standards and monitoring procedures for its Web site activities. These standards and procedures are designed to ensure that the Credit Union’s E-commerce and Web site activities are available and efficiently meet member needs and expectations. The procedures are updated on a regular basis, as a result of changes in long term and short term plans, as well as in response to member needs.