IT Security Compliance Solutions for Credit Unions
Under $75 Million in Assets
The NCUA is increasing the pressure on Credit Unions (CU) to meet the regulations and guidelines related to IT Security Compliance. These regulations require each CU to protect its Members’ Non-Public Personal Information (NPPI). While these requirements place a significant cost and time burden on all CUs, the burden is increased on the CUs under $75 million in assets due to the limited staff resources available to address these issues.
TraceSecurity is CUNA’s exclusive Strategic Alliance provider of IT Security Compliance solutions and has provided solutions to over 500 CUs. TraceSecurity has specifically designed the TraceStandard solutions to help CUs under $75MM in assets meet the minimum requirements of NCUA regulations and guidelines in an efficient and cost effective manner. The solutions are also intended to minimize the burden on staff resources by utilizing TraceSecurity experts to perform the process.
The TraceStandard solutions address specific CU business issues related to IT Security Compliance, including:
- Independent testing requirements
- Limited budget to address IT Security Compliance
- Lack of internal resources with expertise in IT Security Compliance
- Numerous federal and state regulations that are frequently revised
- Complexity of the regulations
- Efficient development of the required Information Security Program
- Lack of internal resources with expertise in IT Security testing methodologies
- Burdensome Reporting Requirements (Auditor, Board, Management, etc.)
- Loss of members due to security breach
- Notification and response cost due to security breach
TraceStandard solutions are specifically tailored to meet the NCUA IT Security Requirements, as shown below.
| NCUA IT Security Requirement | TraceStandard Solutions | Price |
| Perform a risk assessment to determine the risk to Members’ NPPI | Remote Risk Assessment | $1,500* |
| Develop and implement an Information Security Program based on the risks identified in the risk assessment | Policy Development and Review | Sold separately or included with TraceStandard Security Assessment |
| Train employees on the policies and procedures established in the Information Security Program | Remote Security Training – Customized based on customer’s needs | Priced based on customer’s individual needs |
| Annually Test for vulnerabilities and adherence to the Information Security Program | TraceStandard Security Assessment - (includes use of TraceAssess vulnerability scanner) | $1,500* |
| Annually Report to the Board of Directors | TraceReport – a module of TraceSecurity Compliance Manager | Included with all TraceStandard Solutions |
*The above solutions are provided to meet the minimum NCUA requirements. TraceSecurity also offers best practice solutions including: IT Security Audits, Penetration Testing, Social Engineering, and Application Testing. To create a continuous IT Security Compliance program, TraceSecurity offers software solutions, including TraceSecurity Compliance Manager, Risk Manager and IT Security Audit Manager.
Contact TraceSecurity for more information or to purchase a TraceStandard Solution.
Email: standard@tracesecurity.com
Phone: (225) 215-2490
