Skip to content
BOL Conferences Top Gun 23
Thread Options
#1593802 - 08/18/11 06:29 PM computers timing out
Tessie Offline
100 Club
Joined: Jan 2006
Posts: 155
Our home office has our computers timing out every 15 minutes which is a real pain. Is there any reg or rule regarding having them time out or does the Home Office make up their rules?

Return to Top
eBanking / Technology
#1593841 - 08/18/11 06:52 PM Re: computers timing out Tessie
Reads Regs Offline
Diamond Poster
Joined: Nov 2004
Posts: 2,296
This is probably part of your bank's information security program. You are required to safeguard customer information. If a CSR walks away from a desk and leaves customer information on his/her computer screen, another customer could see it. To prevent this, some banks have set up automatic timeouts.

The following document on the FFIEC references automatic timeouts but does not state after how long it should kick in. http://ithandbook.ffiec.gov/it-booklets/...vironments.aspx

Refer to the interagency guidelines on information security. OCC Appendix B to Part 170
_________________________
Opinions expressed are my own and not necessarily those of my employer. They are not legal advice.

Return to Top
#1593859 - 08/18/11 07:14 PM Re: computers timing out Reads Regs
Doug Hendrickson Offline
Power Poster
Doug Hendrickson
Joined: Oct 2009
Posts: 3,927
The time out periods are going to be a function of your bank. They sometimes depend on the location of your computer and the sensitivity of the information you usually access (e.g., a new accounts or loan processor may time-out prior to a back-office operations person).

Our corporate standard is 5 minutes and you're expected to enable the screen saver (which is passowrd protected) if you leave your desk. It's an inconvenience, but as a former IT security officer it's pretty much standard practice.
_________________________
I hear and I forget. I see and I remember. I do and I understand.--Confucius

Return to Top
#1594530 - 08/20/11 01:56 PM Re: computers timing out Doug Hendrickson
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 80,392
Galveston, TX
I was just in a bank where the time-out was 2 minutes.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#1595434 - 08/23/11 07:54 PM Re: computers timing out Tessie
Russ Horn Offline
100 Club
Russ Horn
Joined: May 2008
Posts: 139
I agree with Reads Regs, this is probably part of your Information Security Program - and, while the FFIEC guidance does not specify the time interval before the lockout, most institutions put the time at 15 min. or less (depending on exposure and risk) - also, it is good to note the Visa PCI/DSS standards require a lockout after no more than 15 minutes (PCI 8.5.15 - see quote below) - while not all banks or bank systems may fall under these requirements, they are a good standard to follow...

"PCI 8.5.15 - If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session."

I hope this helps some.

Thanks,
Russ
_________________________
Russ Horn, CISA, CISSP, CRISC
CoNetrix
rhorn@conetrix.com

Return to Top

Moderator:  Andy_Z