Policy Management for Credit Unions
One of the biggest issues facing Credit Unions is how to face the never ending IT security landscape with limited funding and limited staff. Very few credit unions that we have worked with actually have the internal human being resources to dedicate to security management, monitoring, etc.
What can credit unions do? RedZone believes that with the new yearly NCUA AIRES-IT Questionnaire for having the credit union employees read and then sign off on the IT Security policy is a great idea since awareness is a huge factor in enhancing IT security.
Benefits of ThunderDG for Credit Unions
- Automated paperless IT Security Policy Management
- Easy reporting to NCUA
- Automated IT security awareness
- Light weight and effective training to support your IT policies
- Policies that match your actual security capabilities
- Tailored to your needs
ThunderDG Platinum Program
The ThunderDG product is the tool, but RedZone’s expertise will work with you to create a three tiered Policy structure comprised of:
- General IT Policies
- Personnel Polices
- IT Security Incident Response Policy
- RedZone will Review/Evaluate FCU Policies.
- RedZone will facilitate 2 meetings to clarify key points regarding policies.
- RedZone will compare your existing IT policies to NCUA IS&T framework.
- RedZone will rate existing IT policies with CIO Policy Scoreboard and provide Red, Yellow, Green analysis of current IT Security Policies.
- RedZone will facilitate Information Security Policy Redesign/ Rebuild/Build: Carve out employee/personnel policies from Master Information Security Policy.
- FCU to obtain Board approval (as needed)
- RedZone via ThunderDG will send out approved Security Policy Acknowledgement forms electronically via ThunderDG on an approved periodicity schedule.
- Once per year RedZone will send IT and Information Security policy acknowledgment forms to employees electronically to comply with NCUA IS&T Guidelines: “Acknowledgement form(s) to be signed by employees annually” (1 time per year)
- Optional – Employee Security/Awareness Training
- Includes 2x initial phase meetings to setup quiz module for IS&T “Evidence of Periodic Monitoring of Compliance”
- Upon approval, RedZone will distribute Information Technology quizzes electronically to Credit Union employees that support the approved Security Policy Acknowledgement Forms.
- 1 x per year RedZone will annually distribute electronic quizzes to FCU employees coordinate with Maintenance Phase Step 1
Maintenance CIO Scoreboard
- Rate Technical GAPs identified in between IT Security enforcement systems compared to Educational Systems FCU Information Security Program Policies.
- Once per year
How ThunderDG Works
ThunderDG is a cloud-based solution, you will be given a custom URL, along with login credentials. When you sign up, this is where and how you will access your company’s confidential portal.
Once you’re logged into the portal, you will be able to then upload any/all of your policies, add recipients, and utilize any of the ThunderDG Features.
Electronic Delivery & Storage of Employee Policies
After you’ve uploaded your policies and added your recipients within ThunderDG, you will be able to assign different recipients to sign different policies. This is extremely useful if certain positions within your company have different policies and/or paperwork they must complete.
From there, you can also opt to compose a message to go along with the policy. This can be anything from specific instructions for the submission of a signed policy to something as simple as a “thank you” message.
Once the policies are sent, you will be presented with a view for each policy that will allow you to track who has signed and returned it and who still has yet to.
This allows the person responsible for employee policy management within your company to see when each of the employees on the distribution list received, e-signed, and returned their policies versus which employees still have yet to return the e-signed policy.
Electronic Signing of Policies
As previously mentioned above, ThunderDG is cloud-based, so rather than physically signing a piece of paper, all documents are electronically signed (e-signed). This could be through the use of a desktop, laptop, tablet, or Smartphone.
It’s as simple as signing your name with your finger, mouse or typing in your name – depending on what type of device you’re using!
Workflow Routing To Ensure All Signature Requirements Are Met
Some policies have places for employees to initial or checkboxes to fill out as they review the document(s). If even one of those initial lines or checkboxes isn’t filled in appropriately, it will impact the enforceability of a policy.
Since the entire purpose of putting policies in place is for them to be valid and enforceable, you want to make sure that all the “I”s are dotted, “T”s are crossed, checkboxes are checked, and lines are signed.
With the incorporation of ThunderDG into your policy management process, an employee does not have the option to submit a policy until all lines are signed and boxes are checked.
Additionally, ThunderDG gives you the option to assign workflows to each of your policies so that you can specify a document be sent to a manager following the employee’s e-signature of the policy. This ensures that the policy is routed to, and signed by, all of the appropriate and necessary parties prior to be filed away as completed.
Once all of the necessary signatures are on the policy, a signed copy of the policy will arrive in your email inbox – as well as the inbox of the signee – while another copy is securely and automatically filed away within the Policy Portal.
Secure Storage & Retrieval of Old Policies
ThunderDG is partnered with Adobe® Echosign, which allows for the e-signature functionality of the product, as well as the ability for all of the policies – signed and unsigned – to be stored on secure Adobe® servers.
Integrated Quiz Module to Ensure Compliance and Understanding of Policies
Not only does ThunderDG do everything mentioned above, but it also has an integrated quiz module that allows policy signees to interact with your policies in order to reinforce its contents.
You’ll be able to create quizzes that highlight what is stated in your policies in order to ensure your employees’ complete understanding of the policies and why they are in place.
Since more often than not, employees violate policies because they “didn’t know about them,” or simply “don’t understand the point,” increased understanding of company policies should lead to increased compliance.
Once you determine what aspects of your policies you’d like to quiz your employees on, distribution of the quiz is as simple as clicking a button!
Need Help Developing Your Policy First?
RedZone has years of experience with IT policies, and we’re happy to help you with assessing and developing the policies you need.