Resources

Prior to giving users access to systems, employees should agree to acceptable use policies (AUP).  The attached document provides a simple AUP that lists all items that the end-user should be knowledgeable.  Click here to view our blog article on the requirements and contents of an good AUP.

The Information Classification policy works in conjunction with the Information Security Program and Acceptable Use Policy.   This policy governs information throughout the institution to classifying the sensitivity of data in order to apply appropriate safeguards in accordance with the data’s classification.

The Interagency Guidelines require that a report on the status of the information security program be completed annually. The attached sample provides the minimum requirements for this report.

A common unmitigated risk with ACH origination agreements is that the document is often silent on the selection of client-side dual controls.  The attached document can be used a a basis for determining this selection.