An examiner (OCC) told me all employees have to be trained on each regulation every 18 months. Where can I find this requirement in the regulations?
Are there any requirements or criteria for penetration testing? Can we perform the penetration testing ourselves? If we hire a third-party vendor, should we require documentation saying they are authorized by the Regulators to perform the tests or that the testing will meet certain standards? Does the penetration testing requirement only apply to the wired network or do we have to have penetration testing on the wireless as well?
In the June issue of the BANKERS' HOTLINE the front-page article entitled "Privacy II" talks about implementing the provisions of the Gramm-Leach-Bliley Act (GLBA) 501(b).
Per the recommendation of information found on BOL, I utilized the "Certificate of Compliance With the Right to Financial Privacy Act of 1978". Our local authorities have been advised from their managing associate judge to refuse to sign this form. Can you give me suggestions?
Where's a good source for obtaining the basic knowledge needed for a novice to conduct an audit for the areas of electronic banking and Internet banking?
What noteworthy marketing developments can you share with us?
What do you suggest for annual security training for back office (mostly non-customer contact) employees? We have completed the retail (front-line) training and robbery is not likely to affect the back office staff. Are we required to train the back office staff on robbery each year?