BOL Conferences
#2145715 - 09/12/17 07:17 PM Information Security Program
NeverEndingSupport Offline
100 Club
Joined: Jan 2004
Posts: 210
Alaska
Can anyone clarify whether the Information Security Program is required to go before the FI's Board annually? My understanding is that the ISO must review the Program for effectiveness, making appropriate adjustments. The ISO's annual report to the Board should include substantive changes to the Program, if any. However, is it not necessary for the Program itself to be ratified by the Board every year?

#2145718 - 09/12/17 07:25 PM Re: Information Security Program NeverEndingSupport
osucpa Offline
Diamond Poster
Joined: May 2011
Posts: 1,406
Failure to perform and present an Annual Information Security Report to the Board is a violation of GLBA: Appendix B to Part 30.

#2145731 - 09/12/17 08:19 PM Re: Information Security Program NeverEndingSupport
rlcarey Online
10K Club
Joined: Jul 2001
Posts: 83,352
Galveston, TX
The board, or designated board committee, should approve the institution’s written information security program; affirm responsibilities for the development, implementation, and maintenance of the program; and review a report on the overall status of the program at least annually.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#2145757 - 09/13/17 12:03 AM Re: Information Security Program NeverEndingSupport
NeverEndingSupport Offline
100 Club
Joined: Jan 2004
Posts: 210
Alaska
Thank you for the clarification
