Give a summary of how you implemented the plan, risk assessment, when it was adopted by the board, etc.
Effectiveness of Policies and Procedures:
Identify training procedures and the effectiveness of the procedures for identifying and preventing identity theft.
Service Provider Arrangements:
Outline your procedures for making sure service provider contracts address security and confidentiality.
Significant Incidents Involving Identity Theft and Management’s Response:
Discuss any issues identified and their resolution.
Recommendations for Material Changes to the Program:
Make any necessary recommendation for changes in the program that the review may have uncovered.
For the risk assessment we listed a chart of all our accounts, their methods of opening, how they can be accessed and if there are any 3rd party vendors with access to the account. We then identified the risks such as opening or accessing an account face to face, by telephone, etc. and how we would put procedures in place to minimize these risks.