Answer:
What is "required" and what is a "best practice" can differ, with the former being pretty basic and not usually sufficient. Information Security training is required under the Interagency Guidelines for Safeguarding Customer Information.
The requirements should be in your policy, but basically the Statement says that employees should be able to recognize, respond to, and report unauthorized attempts to obtain customer information. How you bring that into computer access, email and other programs will depend on your use of those programs.
First published on BankersOnline.com 2/11/08
print
share