01/29/2007
What should my bank have on file regarding service provider documentation? Some vendors send us tons of paper while others send nothing. What is practical and acceptable?
07/10/2006
We are in the process of developing a more comprehensive IT/Information Security policy for our growing institution. What recommendations can you make regarding content that will ensure compliance with regulations? Are you aware of any sample policies that meet regulatory criteria that we can refer to for guidance? We are most interested in successful ways of incorporating GLBA requirements.
01/27/2006
by Jimmy Sawyers, BOL Guru
Director of Consulting
Reynolds, Bone & Griesbeck PLC
12/05/2005
Is there an annual IT certification the board must make for Gramm-Leach-Bliley compliance?
08/15/2005
Our organization uses a vendor to service our mortgage loans. The vendor emails trial balance data (loan numbers, names, balances, etc.) to us. The emails are password protected. Is this sufficient under GLBA or must the emails be encrypted?
09/06/2004
We occasionally receive telephone inquiries to verify that a customer account number is active/correct, because the customer signed up for an electronic payment. Our privacy policy requires that we obtain a written authorization from the customer to release information. Is verifying an account number given to us considered releasing information? We are trying to obtain authorization from the customer before verifying an account number.
08/04/2003
As it relates to IT examinations, what are the top "hot buttons" for regulators?
03/17/2003
We are in the process of developing a more comprehensive IT/Information Security policy for our growing institution. What recommendations can you make regarding content that will ensure compliance with regulators? Are you aware of any sample policies that meet regulatory criteria that we can refer to for guidance? We are most interested in successful ways of incorporating GLBA requirements.
02/03/2003
I would welcome any suggestions regarding how to conduct an information technology risk assessment.
04/22/2002