Sample – Credit Union IT Systems Compliance and Legal Issues
July 15, 20101.0 Overview
This policy defines the basic elements required for the <Company Name> Information Systems Compliance and Legal Issues Monitoring.
2.0 Purpose
To evaluate whether management practices relative to IT have been designed to properly address regulatory compliance and other legal issues.
3.0 Scope
The scope of this policy includes all personnel, including external vendors, who have access to or are responsible for defining, planning or designing the requirements for the production systems for any and all systems located at the <Company Name> facility.
4.0 Policy
4.1 Management will ensure that all procedures are sufficient to ensure compliance with applicable laws and regulations such as Fair Credit Reporting Act (FCRA), Electronic Funds Transfer Act (EFTA), Truth In Savings Act (TISA), and Truth in Lending Act (TILA).
Management should have a process in place to ensure that procedures are updated as necessary to reflect changes in, or requirements to comply with, regulations.
4.2 Management will implement procedures to ensure that user transactions subject to the Bank Secrecy Act are flagged and reviewed for compliance and necessary reporting.
Similar to above, management should have a process in place to ensure that the system flags individual/aggregate transactions subject to the Bank Secrecy Act reporting requirements.
4.3 When new IT relationships are established, management will ensure that the service agreements and/or disclosures provided to users are commensurate with IT services offered.
4.4 Management will routinely monitor to ensure agreements and disclosures are updated and distributed as necessary.
4.5 There will be a policy in place that adequately addresses the collection and use of personal information as it relates to user privacy.
4.6 All comprehensive privacy disclosures will be provided to all on-line users.
4.7 The [Corporate] will monitor and enforce compliance with the privacy disclosures included on the website.
4.8 Policies and procedures will be put in place describing the methods to use to validate transactions, e-mails, and other contractual obligations relating to IT.
Methods used to authenticate users might include unique passwords or PINs known only to the user.
4.9 Warning banners will be put in place to clearly state that unauthorized access or use is not permitted and may constitute a crime punishable by law.
4.10 Policies and procedures will require the periodic review of contracts, partnerships, and affiliations by legal counsel.
4.11 For multi-state/multinational considerations, legal counsel will review the [Corporate]’s IT policies, procedures, and practices to ensure compliance with the regulations applicable to the states/countries in which users reside.
4.12 The [Corporate] will proactively review the adequacy of its bond coverage as IT services are modified (new, revised or terminated services, etc.).
Management should determine whether existing bond coverage will adequately cover IT activities, or if coverage is necessary and available through other resources.
4.13 Legal counsel will be consulted for significant matters such as IT contracts, partnerships, and affiliations.
The [Corporate] may not have legal counsel on staff; however, certain matters, such as contractual arrangements, partnerships, and interpretation of legal matters may necessitate a review by a legal professional. This review should entail ensuring compliance with applicable laws and regulations.
4.14 Management will actively monitor applicable laws and regulations and update related policies and procedures accordingly.
Many existing laws and regulations (refer to Letter No. 97-CU-5 and Regulatory Alert No. 98-RA-4) are impacted by IT. In addition, new laws and regulations (Gramm-Leach-Bliley Act, Child On-Line Privacy Act, and Digital Signatures Act) are being introduced as a result of this activity. Management must have a process in place to ensure that policies and procedures are in compliance with any new, as well as, existing laws and regulations.
4.15 Appropriate procedures will be put in place to ensure that IT transactions are legally binding (e.g., verifiably performed by the appropriate party) and cannot be repudiated.
In some instances, IT is evolving more rapidly than the legal standards and remedies. As such, the [Corporate]’s procedures and practices for ensuring that IT transactions are legally binding (can not be repudiated) may need to be addressed by legal counsel.
4.16 The [Corporate]’s website will include an approved privacy statement.
Rules & Regulations Part 716 and 748 discuss the privacy issue. Among other reasons, a good privacy statement, meeting the needs and desires of the usership, may encourage users to sign up for and use the IT services.
5.0 Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
6.0 Definitions
Term Definition
7.0 Revision History
BestITDocuments, Inc. Disclaimer
These tools are provided to you at no charge and in as-is condition. While BestITDocuments considers these tools to be potentially valuable aids in the development and review of security policies, BestITDocuments hereby disclaims any and all warranties whatsoever, express or implied, regarding these tools. Specifically, BestITDocuments hereby expressly disclaims any and all implied warranties including, but not limited to, any implied warranties of merchantability, fitness for a particular purpose, good workmanship or other such similar warranty.
These tools are designed to be use by trained computer networking professionals who understand security principles, and are offered by BestITDocuments at no charge to be used at your discretion and at your own risk. By downloading and using these tools, you agree to indemnify, defend and hold harmless BestITDocuments and its affiliates, subsidiaries, directors, officers, employees, agents, successors and assigns (“Related Parties”) from and against any claim, action, loss, damage, expense or liability, including without limitation, defense costs, reasonable attorneys’ fees, penalties and fines, asserted against or incurred by BestITDocuments or its Related Parties, directly or indirectly, by reason of, arising out of or resulting from your use of these tools.
https://www.bestitdocuments.com/Samples