
Strengthening Your Customer Information Policy & Procedures

Answered by: 

We have a policy and procedures on Safeguarding Customer Information. My problem is, the FDIC EDP examiner wants more meat on it, such as: address logical and physical access controls to CIF. No incident response policies? I can't find the information in the Federal Register. Vendor oversight requirements have not been formalized. Can you direct me to any site that will have examples or answers to these questions?

Take a look at the 8 different security measures your institution is required to evaluate and, if you determine them appropriate, adopt, under the Information Security Guidelines.

Logical access controls are the way they are referring to the first category of security measures. It includes things ranging from call verification procedures to passwords. Physical access controls include things like key controls and inventories, and restricting access to areas and files within your institution (such as the server room) and outside storage facilities.

In Banker Tools, you will find a matrix I created to help determine how much oversight you need to give to a particular vendor's information security program, based upon the sensitivity of the customer information to which they are privy and whether they are already directly subject to the guidelines.

There are a number of articles on the site relating to these requirements. There is also an on-demand seminar, "Can your information security program pass the test?", available for purchase in the BOL Banker Store.

First published on 1/20/03