Parkside Credit Union

Web Site Compliance Policy

General Policy Statement
Parkside Credit Union maintains a Web site that is hosted by Hartland Financial Solutions, Inc. All content is developed by the Management Team and maintain by Parkside Credit Union.

Parkside Credit Union offers the following services electronically on the website:

 VISA: Link to online access to VISA accounts.

 Online Banking: Link to online access to Online Banking network.

 Online Bill Pay: Link to online access to Online Bill Pay network.

 Loan Application: Link to online access to Loan Application network.

 Check Reorder: Link to online access to Check Reorder network.

Guidelines:

1. Policy and Program Responsibility
a. Parkside has established a website team, made up of the following staff, to maintain and monitor the Credit Union’s Wed site: Management Team and Marketing Administrator.
b. Any new Web site ideas or initiatives must be reviewed by the Web site Committee (“Committee”) and a member of that Committee will present any new applications to the board of directors for review.

2. Risk Assessment
a. The Credit Union will regularly test the efficacy of its E-commerce systems to ensure proper working order and to prevent security weaknesses.
b. Management will classify the level of data sensitivity of services, technological and operational changes in E-commerce and maintain a current list of critical risk levels of security, virus detection and protection.

3. Compliance and Legal
The Credit Union ensures that its Web site will comply with all applicable laws and regulations. The Credit Union also monitors all changes in laws and regulations that affect E-commerce, and updates its E-commerce policies, practices, and systems accordingly in a prompt manner.
a. The Credit Union has secured bond coverage for all of its Web site policies and procedures. Management has ensured that bond coverage is sufficient in the event of any loss due to electronic transaction. Bond coverage is regularly assessed to ensure the sufficiency of coverage.
b. The Credit Union will provide various Web site contracts and agreements to external auditors and state and/or federal examiners.
c. The Credit Union maintains a Web site privacy disclosure that is available to all members who visit the Credit Union Web site.
d. The Credit Union monitors and enforces compliance with its Web site privacy disclosures. In addition, the Credit Union will place appropriate warnings on its Web site, clearly stating that unauthorized access or use of the Web site is not permitted and may constitute a crime punishable by law.

4. Audit and Consulting Services
a. The Credit Union’s Web site activities will be subject to annual independent audits. At a minimum, these reviews will cover Web site; security, penetration testing, regulatory compliance, and maintenance.
b. The Credit Union management will correct the issues of concern uncovered by the independent audit and/or quality review.
c. The Credit Union will regularly required performance testing of its Web site to identify and prevent potential vulnerabilities.

5. Vendor Management
a. The Credit Union has obtained a vendor to install and/or maintain its Web site. The Credit Union has exercised due diligence in selecting its vendor to ensure that proper security measures are in place to protect member account information.
b. The Credit Union will develop procedures to monitor vendor relationships to ensure that they continue to meet the needs of the Credit Union (i.e. hardware, software, network services, content accuracy, availability, security, and privacy).

6. Member Service and Support
a. Management will take steps to ensure that staff is adequately trained in order to address member support issues. 

7. Personnel
a. Employees with access to member account information will receive a copy of the of the Credit Union‘s Web site Policy, must sign the Credit Union’s Confidential Data Policy when hire by the Credit Union. Employees will be notified of the importance of maintaining the confidentiality of the member account information and will be made aware of the Credit Union’s policies, procedures, standard practices, and disciplinary actions that will be taken against the employee for non-compliance with the Credit Union’s privacy and information security policies and procedures. The Credit Union policy prohibits staff from inappropriately disclosing member account information to any third party.
b. The Credit Union limits access to sensitive information to specific employees to ensure confidentiality of member account information. Employees gave been trained on the proper procedures for filing reports to the appropriate regulatory and law enforcement agencies. Management will routinely monitor employees for compliance with the Credit Union’s policies, procedures, and standards.
c. The Credit Union has conducted background checks on its employees, and will thoroughly investigate any allegations of employee misconduct.
d. Management has implemented procedures and training with employees support, in the event of a termination, transfer, promotion, etc. Employees involved with the Credit Union’s Web site transactions are kept up-to-date with changes in the policies and procedures of the Credit Union.

8. System Architecture and Controls
a. The Credit Union maintains an inventory of hardware and software to ensure continuity of service in the event of a technological failure, natural disaster, or intentional destruction of its electronic systems. The Credit Union (or its vendor) maintains procedures to allow the Credit Union to restore its previous configuration in the event a software modification adversely affects the Web site.
b. The Credit Union has implemented a disaster recovery system as part of its business continuity plan. This system will be monitored regularly and updated as needed as a result of changes in technology, legislation, and infrastructure.