IT Examiner School

Training Video.

Employees are required to complete the GLBA segment of Regulatory University on an annual basis and pass the quiz. Employees are audited to ensure the required training is completed every year. If an employee violates customers' information privacy, disciplinary action will be taken, which could include termination.

Controls (How is it protected?)

All vendors are screened and a vendor contract is completed. Insurance coverage is requested on all vendors of a high risk status. Inspections may be completed for high-risk vendors. References may be completed for high-risk vendors. References may be requested on any new vendor.

VENDORS

Threats and Vulnerabilities

Inherent Risk

Effectiveness of Control ALL EFFECTIVE UNLESS OTHERWISE NOTED

Vendors

Unknown vendors

LOW

Vendor taking advantage of bank. Vendor going out of business unexpectedly. Unauthorized access by vendor. Vendor violating confidentiality of bank. Vendors causing damage to physical environment. Vendor not maintaining adequate control over their product or service.

MED

MED

MED

IN PROCESS

LOW/MED

MED

MED

Vendors’ closed due to

MED
