Original anon, what regulatory agency, if I may ask?
The Directors of Risk Management and Human Resources finally put on their BIG BOY PANTIES however claim this action is a product of their partnership and collective expertise.
The guidance was actually a result of the information technology examination.
Just as poster rcleary said 3 years ago, the emphasis is when employees take their 5 consecutive days away from the bank to disable permissions for VPN service access, smart phone access and facilities access. What is so difficult about that and why should there be push back from risk managment?
Of course there will need to be a collaborative effort between the employee’s management, human resources, facilities management and network services in order to make this work.