General Policy Statement
ValleyStar Credit Union (Credit Union) maintains a website that is hosted on WP Engine. The marketing team and third-party vendors maintain all content. A website is a tool the Credit Union uses to convey information efficiently to members and consumers on a broad range of topics relating to products, services, activities, stories, objectives, policies and disclosures.
The Credit Union offers the following services electronically:
- Online banking
- Mobile banking
- Electronic statements (eStatements)
- Membership application
- Loan application
Policy and Program Responsibility
- The Credit Union marketing team and third-party vendors are responsible for maintaining and monitoring the website. Any changes or initiatives must be approved by the Vice President of Brand and will be reviewed to prioritize, develop, acquire and maintain any approved website applications or upgrades.
- The executive team has established long-term strategic and short-term tactical plans for the eCommerce activities approved by the Board of Directors. The Credit Union provides reports as requested on website statistics and transactions.
- The executive team and the appropriate departments work together to provide the necessary resources to adequately support website operations including equipping employees with the appropriate tools and training.
Copyrighted material may be used only when allowed by prevailing copyright laws and only if the materials relate to the website’s strategic plan; its use should be approved by the Credit Union beforehand.
When external links to non-Credit Union websites are included, the Credit Union is responsible for ensuring that a disclaimer is made that neither the Credit Union nor the organization endorses the product at the destination, nor does the Credit Union exercise any responsibility over the content at the destination.
- A disclaimer shall be displayed when linking to external sites. It may appear on the page or as a pop-up whenever a request is made to an external website.
- The Credit Union risk team regularly tests the efficacy of the eCommerce systems to ensure proper working order and prevent security weaknesses. The level of data is classified as sensitive, along with the potential security risks in the event of security breaches, and procedures are in place to handle the different levels of intrusion.
- The Credit Union information technology team regularly monitors security risks associated with technological and operational changes in eCommerce. It maintains a current list of critical website applications and data categorized, quantified and prioritized.
Compliance and Legal
- The Credit Union compliance team ensures that the website will comply with all applicable laws and regulations. The Credit Union also monitors all changes in laws and regulations that affect eCommerce and updates policies, practices and systems accordingly in a prompt manner.
- The Credit Union has secured bond coverage for the website and has ensured that bond coverage is sufficient in the event of any loss due to an electronic transaction. Bond coverage is regularly assessed to ensure the sufficiency of coverage.
- The Credit Union provides website contracts and agreements with vendors, partnerships and affiliates to legal counsel for review.
- The Credit Union provides disclosures regarding the website policies and procedures to members who have entered into eCommerce relationships with the Credit Union. The disclosures also provide a list of the service providers who have a direct business relationship with the Credit Union. Also, the Credit Union will place appropriate warnings on the website, clearly stating that unauthorized access or use of the website is not permitted and may constitute a crime punishable by law.
- The Credit Union marketing team maintains a privacy disclosure available to all members who visit the Credit Union website. The Credit Union monitors and enforces compliance with privacy disclosures.
- The Credit Union compliance team monitors the website regularly to ensure that all disclosures are accurate and up to date. The Credit Union will create procedures to validate transactions, emails and other contractual obligations relating to the website.
Audit and Consulting Services
- The Credit Union’s website activities will be subject to periodic independent audits and quality reviews, at least annually. At a minimum, these reviews will cover the website’s security, penetration testing, regulatory compliance, privacy, application development and maintenance, incident response and business continuity, and virus detection and protection. The Credit Union management will correct the issues of concern uncovered by the independent audit and/or quality review.
- The Credit Union management regularly requires performance testing of its website to identify and prevent potential vulnerabilities.
- Employees will be notified of the importance of maintaining the confidentiality of member account information and will be made aware of the Credit Union’s policies, procedures, standard practices, and disciplinary actions that will be taken against the employee for non-compliance with the Credit Union’s privacy and information security policies and procedures. The Credit Union policy prohibits staff from inappropriately disclosing member account information to any third party.
- The Credit Union limits access to sensitive information to specific employees to ensure confidentiality of member account information. Employees have been trained on the proper procedures for filing reports to the appropriate regulatory and law enforcement agencies. Management will routinely monitor employees for compliance with the Credit Union’s stated policies, procedures, and standards.
- The Credit Union has conducted background checks on its employees, and will thoroughly investigate any allegation of employee misconduct.
- Management has instituted a training program in order to maintain continuity of employee support in the event of a termination, transfer, promotion, etc. Employees involved with the Credit Union’s website transactions are kept up-to-date with changes in the policies and procedures of the Credit Union.
System Architecture and Controls
- The Credit Union maintains an inventory of hardware and software to ensure continuity of service in the event of a technological failure, natural disaster, or intentional destruction of its electronic systems. The Credit Union (or its vendor) maintains procedures to allow the Credit Union to restore its previous configuration in the event a software modification adversely affects the website.
- The Credit Union has implemented a disaster recovery system as part of its business continuity plan. This system will be monitored regularly and updated as needed as a result of changes in technology, legislation, and infrastructure.
Security Infrastructure and Controls
- The Credit Union maintains security measures consistent with the requirements of federal and state regulations, including risk management systems designed to prevent unauthorized access, both internal and external, to member information.
- The Credit Union has procedures in place to protect member information systems in the event of natural disasters, intentional destruction, or technical failure.
- Management monitors employees with access to member account information to ensure they are in compliance with the Credit Union’s established security policies and procedures.
- All member account information is stored on servers protected to prevent unauthorized access and/or damage. These protections are monitored on a regular basis to assess potential security weaknesses.
- Access to member accounts is restricted to members through the use of user ID numbers and passwords.
- The Credit Union has implemented an intrusion detection system to monitor activity and alert the Credit Union immediately in the event of a security breach. The Credit Union’s oversight committee has been trained to handle such breaches in a timely and effective manner.
The Credit Union has established and implemented performance standards and monitoring procedures for its website activities. These standards and procedures are designed to ensure that the Credit Union’s eCommerce and website activities are available and efficiently meet member needs and expectations.