Thread Options Tools
#2047 - 05/30/01 01:17 PM INFORMATION SAFEGUARDING POLICY
Jeff Offline
New Poster
Jeff
Joined: May 2001
Posts: 9
Lindale,Texas 75771 USA
We are a small community bank, I have written our Information Safeguarding Policy.

It is fairly brief-with few employees and a small building we pretty well know when someone is out of their area.

Are others having a dilemma about having a short policy? I really don't want to fill it full of useless and potentially critical information.

------------------
Jeff

_________________________
Jeff

Return to Top
General Discussion
#2048 - 05/30/01 03:18 PM Re: INFORMATION SAFEGUARDING POLICY
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,450
On the Net
Substance is all that matters.

I wouldn't worry that it is brief, does it cover what it needs to? Does it tie with any other policies to fill gaps? Have all the issues been addressed?

There may be some issues that simply do not apply to your small bank. Just ensure you reviewed the regulatory guidance, addressed the necessary issues and implemented what was said would be done.

------------------
Andy Zavoina
Opinions stated are not necessarily that of my employer.

_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#2049 - 05/30/01 03:24 PM Re: INFORMATION SAFEGUARDING POLICY
Jeff Offline
New Poster
Jeff
Joined: May 2001
Posts: 9
Lindale,Texas 75771 USA
Have tried to "marry" this policy with other related policies in existence. But my only worry is just how specific the examiners will be.

If Jane from new accounts is digging in a credit file Martha will ask her what she is doing there!

_________________________
Jeff

Return to Top
#2050 - 05/31/01 04:42 AM Re: INFORMATION SAFEGUARDING POLICY
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,450
On the Net
Well, the specificity of the examiners is an unknown. My advice is do the best you can now and adjust as you get feedback. There is nothing wrong with talking to your examiners now and asking what they anticpate the standards to be.

Reviews will vary in technical expectations from intrusion potential and testing on your systems, to LAN security, to time elapsed before a PC screensaver is kicked in and is a password required to get out of it to shred policies.

------------------
Andy Zavoina
Opinions stated are not necessarily that of my employer.

_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top