IT Examiner School eBook May 2025

Internal Use Only

Regulations & Guidance - NCUA Appendix A (“Guidelines for safeguarding member information”) & Appendix B (“Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice”) of 12 CFR 748 (“Security Program”)

Internal Use Only

Use of Supervisory Guidance Agencies issue supervisory guidance, such as interagency statements, advisories, policy statements, questions and answers, and FAQs

Supervisory guidance does not have the force and effect of law

Guidance outlines supervisory expectations or priorities and views regarding appropriate practices for given subject areas Federal Agencies (e.g., FDIC), do not take enforcement actions based on supervisory guidance;

Important Note: Check with your own agency, as the approach may differ from that of the federal agencies.

Source: https://www.ecfr.gov/current/title-12/chapter-III/subchapter-A/part-302