CastleGarde will collect the credit union’s policy and standards data and conduct interviews with credit union personnel identified as key contacts in order to create a picture of the credit union's existing information security program framework. Evaluation of the credit union's existing information security framework is based on NCUA Regulation Part 748.0, Appendix A and B requirements, industry standards, and CastleGarde's best practices and experience.
CastleGarde will analyze the data collected to evaluate key information security elements for regulatory compliance and best practices. CastleGarde will identify missing elements to help the credit union quickly focus on the most business-essential information security areas.
When reviewing existing credit union policies and procedures, CastleGarde will:
Assess their comprehensiveness
Identify their specific strengths and weaknesses
Evaluate for compliance with regulatory requirements
Provide concise recommendations for improving the policies and/or procedures
Recommendations accepted by the credit union will be integrated into document revisions to be produced by CastleGarde. Moreover, if the credit union would like, CastleGarde will conduct a briefing at the credit union of the policies and procedures reviewed. CastleGarde will present the “high points” of an effective information security program and will address how the approved recommendations will be integrated into existing documents.