Compliance Services

NCUA 12 CFR Part 748 Services

NCUA 12 CFR Part 748 Appendix A Assessment Services

The National Credit Union Administration (NCUA) has established standards for federally-insured credit unions relating to administrative, technical, and physical safeguards for member records and information. Included in these standards is NCUA 12 CFR Part 748 Appendix A, which requires each credit union to ensure the security and confidentiality of member records and information, protect against any anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any member.

Assessment Tasks Include:

  • Assess Risk
  1. Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems
  2. Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of member information
  3. Assess the sufficiency of policies, procedures, member information systems, and other arrangements in place to control risks
  • Manage and Control Risk
  1. Design an information security program to control the identified risks, corresponding to the sensitivity of the information as well as the complexity and scope of the credit union's activities
  2. Train staff to implement the credit union's information security program
  3. Regularly test the key controls, systems, and procedures of the information security program
  4. Develop, implement, and maintain, as part of its information security program, appropriate measures to properly dispose of member information and consumer information in accordance with the provisions in paragraph III
  • Oversee Service Provider Arrangements
  1. Exercise appropriate due diligence in selecting service providers
  2. Require service providers by contract to implement appropriate measures designed to meet the objectives of these guidelines
  3. Monitor service providers to confirm that they have satisfied their obligations as required by paragraph D.2

Deliverables Include:

  • Executive Summary and Detailed Technical Report - This report provides a high-level overview of the assessment process, the methodology used, and the overall risk to the organization based on the results of the policy and procedure review, together with the associated risks and remediation recommendations

Let Compass IT Compliance assist your organization in assessing any risks present through our NCUA 12 CFR Part 748 Appendix A Assessment so you can secure your customer data environment, comply with regulatory compliance requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.
