No. 2001-02
DATE: May 17, 2001
SUBJ: Information Systems - Network Security Guidelines
TO: The Corporate Credit Union Addressed:
The attachment, “Information Systems – Network Security Guidelines,”
is to provide guidance to corporate credit unions for managing the risks involved
in their Information Systems (IS) environments. These are general guidelines,
and their issuance is intended to provide the basic criteria utilized by OCCU
to assess IS environments. The criteria, however, are not absolute and will
be used within the context of each corporate’s technology. A critical
factor considered during OCCU’s evaluation is whether corporate management
has developed and is implementing, at a reasonable pace, an IS security program
that is commensurate with the degree of risk in its technological environment.
Our commitment is to work with corporates in the development of a technology base that can deliver cost effective member services in a secure environment. A continuing dialogue on security issues before, during, and following onsite contacts will help assure that goal. Please contact your district examiner, this office, or your State Supervisory Authority on any security matters you would like to discuss.
Sincerely,
Robert F. Schafer
Director
Office of Corporate Credit Unions
OCCU/SLF:sf:gc
cc: State Supervisory Authorities
NASCUS
NAFCU
ACCU
Office of Examination and Insurance
bcc: Reading File
Regional Directors
All OCCU Staff
Office of General Counsel
draft: S:\WorkIn Process\Office Staff\Detailee\IS Security Guidance Letter.doc
final: S:\Directives\OCCUGuidanceLetter\2001-02-IS Security.doc
Attachment in PDF format--IS
GuidanceLetterAttachment.PDF