Cybersecurity & Information Security

This is a policy guide to comply with Cybersecurity and Information Security management as a mortgage banker, mortgage servicer or mortgage broker. This is a separate policy guide. Once purchased this guide will be customized to your specifications. You will receive an immediate invoice receipt with a download link to a questionnaire with some simple questions to answer and receive your customized guide within 24-48 hours. This is written for independent mortgage bankers but can be customized for depository financial institutions and credit unions. 

Table of Contents

POLICY STATEMENT

• Purpose
• Scope
• Policy and Procedure Auditing
• Information

CYBERSECURITY & INFORMATION SECURITY POLICY

• Third-Party Providers of Service
• Chief Information Security Officer (CISO)
• Annual Training
• Employee and Contractor Access to Information
• Security
• Personnel and Intelligence

ASSESSMENTS

• Risk Assessments
• Penetration Testing and Vulnerability Assessments
• FFIEC Cybersecurity Risk Assessment Tool
• Statement on Standards for Attestation Engagements (SSAE19)

PROCESSES & RESPONSIBILITIES

• Multi-Factor Authentication
• Encryption of Non-Public Personal Information
• Device Protection
• Email Protection
• Password Management
• Secure Data Transfer
• Reporting Suspicious Activity
• Security Breaches
• IT Responsibilities
• Remote Contractors and Employees
• Disciplinary Action

INCIDENT RESPONSES

CURRENT TECHNOLOGY PROVIDERS/VENDORS

RECORD & DATA RETENTION

APPENDIX A (Definitions)

• Agreed-Upon Procedure Engagements
• Cybersecurity Event
• Multi-Factor Authentication
• Nonpublic Information
• Penetration Testing
• Risk-Based Authentication