Compliance Services

NCUA 12 CFR Part 748 Services

NCUA 12 CFR Part 748 Appendix A Assessment Services

The National Credit Union Administration (NCUA) has established appropriate standards for federally insured credit unions relating to administrative, technical, and physical safeguards for member records and information. Included in these standards is NCUA 12 CFR Part 748 Appendix A, which ensures the security and confidentiality of member records and information, protects against any anticipated threats or hazards to the security or integrity of such records, and protects against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any member.

Assessment Tasks Include:

  • Assess Risk
      1. Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems
      2. Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of member information
      3. Assess the sufficiency of policies, procedures, member information systems, and other arrangements in place to control risks
  • Manage and Control Risk
      1. Design an information security program to control the identified risks, corresponding to the sensitivity of the information as well as the complexity and scope of the credit union's activities
      2. Train staff to implement the credit union's information security program
      3. Regularly test the key controls, systems, and procedures of the information security program
      4. Develop, implement, and maintain, as part of its information security program, appropriate measures to properly dispose of member information and consumer information in accordance with the provisions in paragraph III
  • Oversee Service Provider Arrangements
      1. Exercise appropriate due diligence in selecting service providers
      2. Require service providers by contract to implement appropriate measures designed to meet the objectives of these guidelines
      3. Monitor service providers to confirm that they have satisfied their obligations as required by paragraph D.2

Compass IT Compliance Services

  • NCUA 12 CFR Part 748 Risk Assessment - Assess your current level of compliance with NCUA 12 CFR Part 748, identify gaps in controls, and identify key work areas that your organization must address to achieve and/or maintain compliance with the standard
  • NCUA 12 CFR Part 748 Audit - Our experienced, certified IT Auditors will examine your IT controls mapped against NCUA 12 CFR Part 748 requirements, obtain evidence to determine if the controls are operating effectively to achieve your organization's objectives and satisfy standard requirements, and provide attestation of audit along with remediation strategies. A deeper-dive assessment than the NCUA 12 CFR Part 748 Risk Assessment, the NCUA 12 CFR Part 748 Audit will include evidence sampling
  • NCUA 12 CFR Part 748 Advisory Services - We work with your organization and tailor our project to your specific needs to address any concerns that you have related to NCUA 12 CFR Part 748, assist in the implementation and updating of policies and procedures, or assist in assessing the risk your third-party providers pose related to NCUA 12 CFR Part 748

Let Compass IT Compliance assist your organization in assessing any risks present through our NCUA 12 CFR Part 748 Appendix A services so you can secure your customer data environment, comply with regulatory requirements, and save time, money, and resources in the process. Contact us today to discuss your unique situation. Secure. Comply. Save.
