The board, or designated board committee, should approve the institution’s written information security program; affirm responsibilities for the development, implementation, and maintenance of the program; and review a report on the overall status of the program at least annually.
_________________________
The opinions expressed here should not be construed to be those of my employer:
PPDocs.com