BOL Conferences
#279239 - 11/23/04 10:42 PM Information Security Testing
DogLover Offline
100 Club
DogLover
Joined: Aug 2003
Posts: 146
Sunny Florida
When performing a review to determine whether sensitive information is being properly safeguarded, should files with customer account information be kept under lock and key overnight? Does anyone have any monitoring procedures/checklists that they utilize to check for compliance with GLBA?

Audit
#279240 - 02/18/05 11:52 PM Re: Information Security Testing
Anonymous
Unregistered

I don't recall that the interagency guidelines say anything specific about this, but it is good policy to keep all sensitive information locked when employees aren't around to guard it. At a bank I formerly worked at, it was required to lock everything, including our rolodex! Mainly, it is to prevent service providers who come in nightly after business hours from getting information or even spying. I know these vendors must sign privacy contracts, but you would not want to tempt them either.

#279241 - 02/21/05 02:46 AM Re: Information Security Testing
Sisyphus Offline
100 Club
Sisyphus
Joined: Jun 2004
Posts: 214
Connecticut
The safeguards should be determined by your risk assessment--what are your areas of vulnerability and what is a reasonable way to limit those risks?
_________________________
Michele A. Johnson, Compliance Manager Integrated Compliance Solutions, LLC

#279242 - 02/23/05 02:15 PM Re: Information Security Testing
J2C Offline
Diamond Poster
Joined: May 2004
Posts: 1,475
Big Brother knows and that's a...
Quote:

I don't recall that the interagency guidelines say anything specific about this, but it is good policy to keep all sensitive information locked when employees aren't around to guard it. At a bank I formerly worked at, it was required to lock everything, including our rolodex! Mainly, it is to prevent service providers who come in nightly after business hours from getting information or even spying. I know these vendors must sign privacy contracts, but you would not want to tempt them either.




I agree with Anon. It is our policy that all loan files and what-not be put back into the vault overnight. In addition, we do not leave documents on copiers or printers. We have a very strict policy when it comes to safeguarding customer information.
_________________________
My opinion is mine only- not my employer's!



Moderator:  Andy_Z