HAYWARD COMMUNITY CREDIT UNION WEBSITE POLICY
BOARD ADOPTED: 08/2020 BOARD REVIEWED & APPROVED: 08/24/2022
General Policy Statement:
Hayward Community Credit Union (HCCU) maintains a website that is hosted by Complete Computer Solutions (CCS). The Credit Union maintains sole ownership of the website address. All content is developed by the Credit Union and maintained by either HCCU or CCS. Using the World Wide Web (Web) is strongly encouraged in that it provides the Credit Union with a tool to convey information quickly and efficiently on a broad range of topics relating to its products, services, activities, objectives, policies, and disclosures.
The Credit Union offers a full array of products and services electronically for the ease of use and protection of our members. Every effort is made to ensure security of confidential information and the protection of the members.
1. POLICY AND PROGRAM RESPONSIBILITY
- The Credit Union has established that the Vice President will monitor the Credit Union’s website operations. An Oversight Committee consisting of IT Operations and the Compliance Officer will regularly monitor the site for accuracy of information and site content. Any new website ideas, content, or initiatives must be reviewed by the Oversight Committee.
- Management understands the importance of relevant and powerful website tools and the importance of E-commerce activity. Semi-annual reports on the website activity and effectiveness will be provided to the Board of Directors. The Board of Directors of the Credit Union will approve and review the Website Policy annually.
- Management, together with the appropriate departments, shall provide the necessary resources to adequately support website operations, including equipping staff with appropriate tools and staff training.
Copyrighted material will be used only when allowed by prevailing copyright laws and only if the materials relate to the website’s intention, and should be approved by the oversight committee prior to use.
3. EXTERNAL LINKS
When external links to non-Credit Union websites are included, the Credit Union is responsible for ensuring that a disclaimer is made that neither the Credit Union nor the organization endorses the product at the destination, nor does the Credit Union exercise any responsibility over the content at the destination.
- A disclaimer shall be displayed when linking to external sites. The disclaimer may appear on the page or pages listing external links whenever a request is made for any site other than the official Credit Union website.
4. RISK ASSESSMENT
- The Credit Union regularly tests the efficacy of its E-commerce systems to ensure proper working order and to prevent security weaknesses.
- Management has classified the level of data sensitivity, as well as the potential security risks in the event of a security breach. Management has procedures in place to handle the different levels of intrusion.
- The Credit Union regularly monitors security risks associated with technological and operational changes in E-commerce and maintains a current list of critical website applications and data that is categorized, quantified, and prioritized.
5. COMPLIANCE AND LEGAL
- The Credit Union ensures that its website will comply with all applicable laws and regulations. The Credit Union also monitors all changes in laws and regulations that affect E-commerce, and updates its E-commerce policies, practices, and systems accordingly in a prompt manner.
- The Credit Union has secured bond coverage for all of its website policies and procedures. Management has ensured that bond coverage is sufficient in the event of any loss due to an electronic transaction. Bond coverage is regularly assessed to ensure the sufficiency of coverage.
- The Credit Union, through its Vendor Management Program, regularly reviews pertinent contracts and agreements with website vendors, partnerships, and affiliates.
- The Credit Union maintains a privacy disclosure that is available to all members who visit the Credit Union website. The Credit Union monitors and enforces compliance with its privacy disclosures.
- The Credit Union monitors its website on a regular basis to ensure that all disclosures are accurate and up to date. Procedures are in place to address various activities related to the use of the website.
6. AUDIT AND CONSULTING SERVICES
- The Credit Union’s website activities will be subject to periodic independent audits and quality reviews, at least annually, and more frequently when appropriate. At a minimum, these reviews will cover the website’s security, regulatory compliance, privacy, application development and maintenance, incident response, business continuity, and virus detection and protection. The Credit Union management will correct the issues of concern uncovered by the independent audit and/or quality review.
- The Credit Union’s compliance and audit department randomly reviews the website to identify and prevent potential vulnerabilities.
The Credit Union’s website is maintained by Complete Computer Solutions (CCS). The Credit Union performed appropriate due diligence before selecting CCS as its partner in development and maintenance of the website. The Credit Union works with CCS to ensure the operational integrity and security of the computer and network supporting the website are maintained. The Credit Union has a Vendor Management program in place that also monitors partnerships and vendor relationships. The Credit Union will periodically review security procedures employed by each vendor to ensure it meets the Credit Union’s minimum requirements.
8. MEMBER SERVICE AND SUPPORT
- Management has established procedures and practices for promptly resolving member support issues. Management will take steps to ensure that adequate staff levels and training are in place to address member support issues.
- A link to E-commerce transactions for online banking is available on the website. The Credit Union discloses to its members the terms and conditions by which its E-commerce transactions are conducted. Access to online banking is secured by the Fiserv Core System.
9. SYSTEM ARCHITECTURE AND CONTROLS
- The Credit Union maintains an inventory of hardware and software to ensure continuity of service in the event of a technological failure, natural disaster, or intentional destruction of its electronic systems. The Credit Union (or its vendor) maintains procedures to allow the Credit Union to restore its previous configuration in the event a software modification adversely affects the website.
- The Credit Union has implemented a disaster recovery system as part of its business continuity plan. This system will be monitored regularly and updated as needed as a result of changes in technology, legislation, and infrastructure.
10. SECURITY INFRASTRUCTURE AND CONTROL
- The Credit Union maintains security measures consistent with the requirements of federal and state regulations, including risk management systems designed to prevent unauthorized access, both internal and external, to member
- The Credit Union has procedures in place to protect member information systems in the event of natural disasters, intentional destruction, or technical failure. However, the website itself does not contain any personal member or account information. All online applications are run through and monitored by our core system.
The Credit Union has established and implemented performance standards and monitoring procedures for its website activities. These standards and procedures are designed to ensure that the Credit Union’s E-commerce and website activities are available and efficiently meet member needs and expectations. These procedures are updated on a periodic basis, as a result of changes in long-term and short-term plans, as well as in response to member needs. All reviews, monitoring, and changes by authorized users or the oversight committee will be collected on the Website Maintenance Log (Exhibit A).