How CIO’s can get out from under the credit union compliance load
by: Robin Remines
Are you sick of spending all of your time preparing for examiners? ARE YOU TIRED OF LOSING YOUR CREATIVE ASSETS TO COMPLIANCE WORK? DO YOU WANT TO GET BACK TO TECHNOLOGY AND AWAY FROM COMPLIANCE?
Who wouldn’t right?!
Today’s credit union CIO’s are faced with the daunting task of providing the most robust and convenient access to member services in the most secure way possible. Each year the effort to manage today’s complex infrastructures increases exponentially as do the number of internal/external threats. NCUA recognizes this challenge and has outlined very deliberate actions(AIRES) for credit unions to follow in order for them to A) be in compliance and B) strengthen the integrity of their infrastructure.
So what does it take to get out from under the credit union compliance load?
- AIRES Knowledge – I’m not talking zodiac either. Dig in – download the AIRES files and look at what’s needed in order to meet the basic requirements for protecting your credit union.
- Do a GAP analysis between what the NCUA is requiring and what you can actually do. The NCUA requires evidence of controls that includes reports, logs, functionality, etc.
- Implement the right tools – Face it. Unless you want to be buried in paperwork, system logs, monitoring in order to produce the necessary evidence that your credit union is in compliance – you’re going to need some help. If you’re considering going 0ld school and downloading the AIRES IT Examination files and locking you and your team up for the 3 weeks prior to an audit – think again. One and done isn’t going to pass anymore. Your Information Security Program (ISP) requires a living strategy that is continually evolving to meet the risks faced by credit unions.