General Controls Review (GCR)


CastleGarde’s approach to the security and general controls review is based on generally accepted data processing policies, procedures, and practices. We evaluate the Credit Union's security and control practices using the U.S. Department of Commerce National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53, Rev. 5). In addition to NIST SP 800-53, CastleGarde evaluates the organization's controls based on guidelines set forth by the Federal Financial Institutions Examination Council in the Information Technology Examination Handbooks; Appendices A & B to NCUA Regulation Part 748; NCUA Letter No. 02-17-CU, “e-Commerce Guide for Credit Unions”; and other relevant regulatory guidance.

General controls protect the environment in which each application is processed, so potential weaknesses in general controls can have a pervasive effect on the integrity of management information. CastleGarde’s General Controls Review evaluates the following control areas:

  • Access Controls
  • Awareness & Training
  • Audit & Accountability
  • Assessment, Authorization & Monitoring
  • Configuration Management
  • Contingency Planning
  • E-Commerce Controls
  • Funds Transfers Controls
  • Incident Response
  • Media Protection
  • Personnel Security
  • Physical & Environmental Protection
  • Planning & Strategic Planning
  • Program Management
  • Risk Assessment
  • System & Communications Protection
  • System & Information Integrity
  • Vendor Management
  • Virtualization Management & Control