Processing Controls

Processing controls are in place to manage the end user's ability to acquire information stored with the Core Provider.

The security obligations of internal users and employees responsible for these web applications are communicated at least annually. All employees are required to review and acknowledge their review of Corporate Information Security policies annually. This acceptance is tracked by the Information Security Coordinator. Furthermore, all employees must receive Information Security training, which includes GLBA, Social Engineering, Contingency Plans, and Pandemic Plans annually. All training is presented through web-based instructions and some modules require the employee to demonstrate understanding of the material through a test that the employee must achieve at least an 80 percent score to pass.

Coordinator administers, monitors, and tracks success of the annual Information Security training. As part of the GLBA training, employees are informed on the Incident Response policies and procedures in the event of security breaches. The training provides insight into the employee’s responsibility for recognizing and reporting such instances.

Changes that might affect the security and availability of web applications are monitored through daily meetings. There are two daily meeting times at 10:00 and 3:00.

70026