Our Fedline Advantage users are leaving their tokens in their PCs overnight. Obviously best practice would be to lock these somewhere accessible only to the users. Has anyone received any regulatory criticism on this, or feel that they must be locked up? With the additional security measures of passwords, passcodes, software, etc, I'm having a hard time convincing myself locking these up is a necessary step.

Also, I feel a little more strongly that the VPN should be behind a locked door, but would appreciate some additional insight there as well.

Thanks!

Our staff take their tokens home with them. Part of disaster preparedness.

We just had a Fedline Advantage exam and our examiner was happy with the process we implemented. At the end of the day, each person with a token puts it in a bank SD box under dual control. In the morning they have to sign it back out under dual control also.

For BCP we have other procedures in place for back up if we can't get to the tokens.

You might want to refer to this thread. Apparently in your subscriber guide gives you specific guidelines that you have to abide by.

http://www.bankersonline.com/ubbthreads/showflat.php/Cat/0/Number/556804/an/0/page/0