Red Flag Program -- oversight from the Board
by Russ Horn, CISA, CISSP, CoNetrix
Question: What does the Red Flag Program annual report to the Board of Directors need to include?
Answer: First, you must involve the board of directors, an appropriate committee thereof, or a designated employee at the level of senior management in the oversight, development, implementation and administration of the Program, and you must obtain initial approval of the written Program from either the board of directors or an appropriate committee of the board. However, the Board or a committee of the Board must also approve material changes to the Program, assign specific responsibility to implement the Program, and, at least annually, review regular reports. The reports should include:
- effectiveness of policies and procedures in addressing the risk of identity theft in connection with opening or accessing covered accounts;
- service provider arrangements;
- significant incidents involving identity theft and management's responses; and
- recommendations for material changes to the Program.
First published on BankersOnline.com 8/18/08