- Information Security Program (ISP)
Information Security Assessment Services (ISAS)
- Internal Security Assessment (ISA)
- External Vulnerability Assessment/Penetration Testing (EVA/PT)
- Physical Security Assessment (PSA)
- Remote Internal Vulnerability Assessment (R/IVA)
- Wireless Vulnerability Assessment (WVA)
- Branch Controls Assessment (BCA)
- Virtual Vulnerability Assessment (VVA)
- Website Penetration Testing Assessment (W/PTA)
- Mobile Device Management Assessment (MDM)
- Risk Management/Business Continuity Program
- CastleGarde NetAudit (CNA)
- Remote Social Engineering (RSE)
- Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Audit
- Website Compliance Assessment (WCA)
Information Security Program Development and Support
Information Security Program Review & Assessment
CastleGarde conducts a review of the credit union’s existing information security policies and procedures to assess their comprehensiveness, identify specific weaknesses, and evaluate their compliance with information security rules, guidelines, and federal regulations including NCUA’s 12 CFR Part 748 Appendix A and Appendix B. A report is produced that summarizes the findings and makes recommendations for improving the credit union’s information security program.
Information Security Policy
The information security policy is a Board-approved, concise, high-level document which incorporates all elements of NCUA’s Part 748 requirements and provides guidance to management in the creation and implementation of a written information security program.
Information Security Standards & Procedures
The information security standards & procedures is a comprehensive document which details the standards and procedures required for the credit union to comply with the specific elements outlined in the information security policy including cybersecurity. It is intended for use by credit union executives, managers, supervisors, and information technology personnel.
Information Security User Guidelines
The information security user guidelines document is a subset of the information security standards & procedures. It contains only those standards and procedures that apply to most employees, including the basic requirements which must be followed by all employees to ensure information security compliance at the credit union. This document should be available to all employees.
Information Security Training
Online web-based training (24/7 unlimited use).