What is an Information Security Policy?
An Information Security Policy is the guiding document and the backbone of your information security program. It should be a high-level description of the controls your bank will use to secure your information. This policy is also a GLBA requirement.
What is CBC's approach to writing an information security policy?
Practical. We produce well branded, clear, concise policies that state what controls your bank has in place. The main purpose of these policies is to comply with regulations. If you have a secure, efficient IT infrastructure, you do not need a document stating it unless you are subject to regulations requiring the document. Unfortunately, banks are required to go through the motions. That is why CBC creates policies that present, look and read very professionally. We include just enough of the right information, but not too much. Our common goal is that your bank has a policy that is compliant while not creating the burden to show evidence of its use or to maintain.
Does CBC help community banks prepare for and navigate exams?
Yes. We have an incredible amount of experience helping community banks successfully negotiate exams. Our clients can attest to how we prepare all their IT materials and meet with the examiners regarding IT matters. Because we plan, because we execute, because we document, our entire process of caring for a community bank's IT system and information security program is extremely exam ready.
If you would like to learn more about our IT policy services, please contact us or call:
- Paul Elder at 614-848-3189 ext. 121
- Larry Krietemeyer at 614-848-3189 ext. 143
The expertise and learning that they bring to the organization is very helpful. Their professionalism, sharing of ideas, and willingness to sit and talk when we want them to, is a big help.