Star of Texas Credit Union will maintain physical, electronic, and procedural safeguards that comply with federal standards to guard members’ nonpublic personal information.
Star of Texas Credit Union will not gather, collect or maintain any information about its members that is not necessary in order to offer its products and services, to complete member transactions or for other relevant business purposes.
Star of Texas Credit Union does not sell or provide any member information to third parties including list services, telemarketing firms, or outside companies for independent use.
Information Security Program
Management is responsible for developing, implementing, and maintaining an effective information security program to:
Management will report at least annually to the board on the current status of the credit union’s information security program.
Assessment of Risk
In order to assess the risks that may threaten the security, confidentiality, or integrity of member information or member information systems, management will:
Management and Control of Risk
In order to manage and control the risk that have been identified, management will consider whether the security measures outlined in III.D. of Appendix A of NCUA Rules and Regulations Part 748 are appropriate for Star of Texas Credit Union.
Key controls, systems, and procedures of the information security program will be regularly tested by staff independent of those that develop or maintain the security programs.
Service Provider Arrangements
Management will exercise appropriate due diligence in selecting service providers.
The information security program will be monitored, evaluated, and adjusted as necessary in light of any relevant changes in technology, the sensitivity of member information, internal or external threats, business arrangements, outsourcing arrangements, and member information systems.
Employees will be trained with regard to their responsibilities under this policy. In addition, employees will be trained to recognize, respond to, and where appropriate, report any unauthorized or fraudulent attempts to obtain member information.
Confidentiality of Members' Accounts
No credit union officer, director, committee member or employee may disclose to any person, other than the member, or to any company or government body the individual savings, shares, or loan records of any credit union member, contained in any document or system, by any means unless specifically authorized to do so in writing by such the members, except as follows:
The credit union may release the name and address of members to assist the credit union in its marketing efforts or sale of third party products, provided that the credit union obtains a written non-disclosure statement providing assurances that the information will be used exclusively for the benefit of the credit union and no other.