Red Flag Program – oversight from the Board
by Russ Horn, CISA, CISSP
Question:
What does the “Red Flag” Program annual report to the Board of Directors need to include?
Answer: First, you must involve “the board of directors, an appropriate committee thereof, or a designated employee at the level of senior management in the oversight, development, implementation and administration of the Program”, and you must obtain initial approval of the written Program from either the “board of directors or an appropriate committee of the board”. However, the Board or a committee of the Board must also approve material changes to the board, assign specific responsibility to implement the Program, and at least annually, review regular reports. The reports should include:
effectiveness of policies and procedures in addressing the risk of identity theft in connection with opening or accessing covered accounts;
service provider arrangements;
significant incidents involving identity theft and management’s responses; and
recommendations for material changes to the program.
CoNetrix specializes in providing information technology consulting and security and compliance services for banks. We offer a wide variety of solutions including IT/GLBA Audit and Assessment, Penetration Testing, Security Policies, Business Continuity Planning, Network Design and Implementation, Security Awareness Training, Information Security Program, and Identity Theft Prevention Program (Red Flag). For additional information, please call (800) 356-6568, e-mail info@conetrix.com or visit us at www.CoNetrix.com.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
