CUNA is now America’s Credit Unions. A stronger voice to advance the credit union industry.
March 2023 By TraceSecurity
The NCUA has developed new procedures for their risk-based Information Security Examinations (ISE) for credit unions. Your examiner will be using these new procedures for your regulatory examination this year, and TraceSecurity is here to help you navigate the new normal. TraceSecurity has taken the official NCUA regulatory statements and broken them down into the assessments and testing that your examiners will be looking for this year.
Based on your credit union’s asset size, you will fall into one of two categories:
Small Credit Union Examination Program (SCUEP)
The SCUEP applies to credit unions below $50 million in assets. This is the NCUA’s lowest threshold for “small” credit unions to date. If you fall in this category, your requirements are as follows:
CORE & CORE+
The CORE Examination Program applies to credit unions with over $50 million in assets. CORE represents the minimum requirements, with CORE+ additions if applicable. Credit unions that fall under CORE are required to do the following:
As we get to credit unions of higher asset sizes and more complex IT environments, your examiner may have some additional requirements under CORE+. If applicable to your credit union, CORE+ could include some or all of the following requirements:
To provide some examples, Web Application Testing is only required if your credit union has a web application, like for online banking. Remote Access Control Testing is only necessary if you have employees that remotely access company systems, like through a VPN.
The Good News
TraceSecurity has already begun preparing credit unions for their examinations under the new ISE requirements. With this being the NCUA’s most structured examination process to date, ensure your cybersecurity requirements are properly handled.
TraceSecurity has provided over 30,000 examiner approved reports, helping credit unions of all sizes maintain compliance year after year. A CUNA Strategic Services provider since 2006, TraceSecurity helps credit unions with a range of cybersecurity services, including risk assessments, penetration testing and IT audits. With a combination of software and services, TraceSecurity can help credit unions manage their information security program and supplement it with third-party validation.