10/07/2002
Is there a way to determine whether or not an intrusion test provider has adequately tested a system? Are there specific prescribed procedures, methods or tests that should be used?
08/01/2002
HUD has published a proposal to make significant changes to the Good Faith Estimate that lenders issue within three days of taking an application. HUD calls this a "simplification" of the GFE.
02/11/2002
I am unsure what type of service providers we need a confidentiality agreement with. Some examples are: appraisers, realtors, surveyors, Insurance underwriters, Inspection companies, title companies, janitroial services, attorneys used for legal purposes for the financial insitution, attorneys used for title searches and other legal work involving a loan, Insurance companies use to obtain insurance coverage for the bank.
02/04/2002
What are the information security needs of a bank?Which laws/guidelines deal with information security needs of the bank?What are the steps involved in designing a security policy for a bank?
12/03/2001
DirectPointe provides managed computing services that include remote PC and Network Management services. We are working with a community bank in Utah that is interested in our services, but is concerned with any regulatory issues that may not allow us to have remote access to their network and PCs (since their network is connected to a service bureau, which has confidential information). Can you provide any information/insight into this issue? Can we provide remote services and if so, does our company need to meet certain requirements? Please let me know if you have recommendations.
10/01/2001
Can you recommend a good source or template for creation of an e-commerce enabled web hosting contract thatprotects a bank against liability with regards to its customers?
07/02/2001
How do banks intend to monitor their service providers to confirm that they are maintaining appropriate securitymeasures to safeguard the bank's customer information? We are looking for a practical, reasonable way to do this.
05/07/2001
I would appreciate any advice on where to start when developing our information security program.
01/15/2001
What is the best way for a bank to disclose their privacy policy if they want to use the 40.13 exception for service providers and joint marketing? Our bank wants to reserve the right to market our products through nonaffiliated third parties if the occasion arises, but we want to avoid having to do "optout" at this point.
01/15/2001
I've heard the term ASP quite a bit recently, but I'm not sure I understand the concept. Could you give me a quick description or explanation?