Not only are information security risk assessments (ISRA) a regulatory requirement under National Credit Union Administration rules and regulations part 748, but they also provide you with the tools you need to make proper decisions for implementing controls to protect your members’ sensitive information.
Many credit unions do not have the technical resources on hand to be able to conduct an effective ISRA. Using an outside source, like Sollievo, gives you an unbiased view of the risks that may affect your members’ data, and will guide you towards implementing effective mitigations to protect the confidentiality, integrity, and availability of that data.
If you are shopping around for ISRA assistance, you may come across providers that give you a canned questionnaire to answer on your own without any guidance. After you answer the questions, you may be able to generate a report that shows your credit union completed an ISRA. But if you are like many credit unions, your employees wear multiple hats and don’t have a dedicated staff member with the experience and background to know if you did an effective job answering the questions properly.
Our program is designed to take a minimum amount of your time and provide you with an honest assessment of risks and recommended mitigations, while taking into consideration your asset size and potential limits to your financial resources for applying mitigations and controls. Knowing that your credit union has utilized a thorough ISRA will allow your credit union to be confident in the security of your members’ sensitive information.