This is a policy guide to comply with Cybersecurity and Information Security management as a mortgage banker, mortgage servicer or mortgage broker. This is a separate policy guide. Once purchased this guide will be customized to your specifications. You will receive an immediate invoice receipt with a download link to a questionnaire with some simple questions to answer and receive your customized guide within 24-48 hours. This is written for independent mortgage bankers but can be customized for depository financial institutions and credit unions.
Table of Contents
POLICY STATEMENT
- Purpose
- Scope
- Policy and Procedure Auditing
- Information
CYBERSECURITY & INFORMATION SECURITY POLICY
- Third-Party Providers of Service
- Chief Information Security Officer (CISO)
- Annual Training
- Employee and Contractor Access to Information
- Security
- Personnel and Intelligence
ASSESSMENTS
- Risk Assessments
- Penetration Testing and Vulnerability Assessments
- FFIEC Cybersecurity Risk Assessment Tool
- Statement on Standards for Attestation Engagements (SSAE19)
PROCESSES & RESPONSIBILITIES
- Multi-Factor Authentication
- Encryption of Non-Public Personal Information
- Device Protection
- Email Protection
- Password Management
- Secure Data Transfer
- Reporting Suspicious Activity
- Security Breaches
- IT Responsibilities
- Remote Contractors and Employees
- Disciplinary Action
INCIDENT RESPONSES
CURRENT TECHNOLOGY PROVIDERS/VENDORS
RECORD & DATA RETENTION
APPENDIX A (Definitions)
- Agreed-Upon Procedure Engagements
- Cybersecurity Event
- Multi-Factor Authentication
- Nonpublic Information
- Penetration Testing
- Risk-Based Authentication