#2145715 - 09/12/17 03:17 PM Information Security Program
NeverEndingSupport Offline
100 Club

Registered: 01/14/04
Posts: 183
Loc: Alaska
Can anyone clarify whether the Information Security Program is required to go before the FI's Board annually? My understanding is that the ISO must review the Program for effectiveness, making appropriate adjustments. The ISO's annual report to the Board should include substantive changes to the Program, if any. However, it is not necessary for the Program itself to be ratified by the Board every year?

#2145718 - 09/12/17 03:25 PM Re: Information Security Program [Re: NeverEndingSupport]
osucpa Offline
Diamond Poster

Registered: 05/13/11
Posts: 1250
Failure to perform and present an Annual Information Security Report to the Board is a violation of GLBA: Appendix B to Part 30.

#2145731 - 09/12/17 04:19 PM Re: Information Security Program [Re: NeverEndingSupport]
rlcarey Online
10K Club

Registered: 07/16/01
Posts: 66657
Loc: Galveston, TX
The board, or designated board committee, should approve the institution’s written information security program; affirm responsibilities for the development, implementation, and maintenance of the program; and review a report on the overall status of the program at least annually.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#2145757 - 09/12/17 08:03 PM Re: Information Security Program [Re: NeverEndingSupport]
NeverEndingSupport Offline
100 Club

Registered: 01/14/04
Posts: 183
Loc: Alaska
Thank you for the clarification.
