IT Examiner School

Examiner: Is the only time management reviews the employee acceptable use policy with employees is at the beginning of employment with the bank? NA Fossil: The ones that were hired before we had the policy had to go sign off on the policy once the Board approved it. At that point, you are correct. We thought that was a good point to have them review and sig off that they agreed to abide by the governance and be subject to possible disciplinary action. Examiner: You mentioned you recently brought the wire transfer system in-house- FedLine Advantage. That would have been after the last exam. I see you listed it- that’s good. Now you have a back-up as well. NA Fossil: Yes, that is correct. Senior management wanted to bring it in-house as our volumes are increasing. We have a contract with Banker’s Bank just in case the FedLine system fails. Examiner: Of course. Examiner: How is security incorporated into the strategic planning process? NA Fossil: I am requested to review the strategic plan before it is approved. I provide feedback as to what the new programs or processes need to ensure they are adequately secured. Of course this tends to increase costs, but the Board doesn’t mind spending money for new hardware.

Examiner: I saw all your locked shred cans throughout the building. Is this true of the branches as well? NA Fossil: Yes. All branches.

Examiner: Does the shred company destroy the sensitive information on site or off? NA Fossil: Onsite. They lift it to the back of their big truck and shred it there.

Examiner: Do you have a confidentiality clause inside the contract with the shred company? NA Fossil: No. Are you recommending we have one? Examiner: Yes, it is strongly recommended.