Skip to content
 

Red Flag - Separate Program Required?

by Russ Horn, CISA, CISSP, CoNetrix

Question: I already have Identity Theft covered in my Information Security Program or Fraud Prevention Program, is that good enough or do I need a separate Identity Theft Prevention Program document?

Answer: Unfortunately, the final ruling clearly states you must have a separate written Identity Theft Prevention Program designed to detect, prevent, and mitigate identity theft in connection with opening or accessing covered accounts. However, you can incorporate into your Identity Theft Prevention Program existing policies and procedures, such as those already developed in connection with your Information Security Program, Fraud Prevention Program, or Customer Identification Program.

First published on BankersOnline.com 8/11/08

First published on 08/11/2008

Filed under: 
Security
Filed under security as: 
Audit
Fraud
Red Flags
GLBA
Identity Theft
IT
Policies
Security
Training

Report a problem with this page

Search Topics