Information Security policy addresses the need for managing information security within the credit union by creating awareness of security threats, taking preventive measures to mitigate these and continually reviewing and checking the efficacy of such measures. This policy is one of four Information Systems and Management Information Policies required by Section 55(1)(o)(xi) of the Credit Union Acts 1997 to 2012. Other related policies are:
Management Information Policy
Information Systems Change Management Policy
Information Systems Asset Management Policy
Information Security Threats
Any threat to the security of credit union information has the potential to disrupt operations, cause a personal data breach, place the credit union at a financial loss, damage our reputation or any combination of these.
Technology has vastly improved the provision of financial services to members, however it also brings new sources of security threats to the credit union. Technology systems must be maintained by qualified IT professionals to ensure their integrity and ability to resist attack. In turn, IT professionals and IT suppliers must be evaluated to ensure that best practice is being applied in relation to information security.
Security threats can also arise from non-technical sources such as changes to credit union operations. Both existing staff and new staff members who take on new roles must be made aware of security considerations related to their role. Attention must also be given to the impact on information security when business processes are changed. New business locations will have unique physical security requirements. New products or services offered to members may also have specific security threats that must be recognized and addressed.