WEB SITE POLICY
General Policy Statement
New Horizons Credit Union (NHCU) maintains a website that is hosted by HomeCU. All content is developed and maintained jointly by New Horizons Credit Union staff and creative persons hired on a contract basis by the credit union. Using the World Wide Web provides NHCU with a tool to convey information quickly and efficiently on a broad range of topics relating to its products, services, activities, objectives, policies and disclosures.
Electronic services provided: Home Banking.
- Information provided: Hours of operation
- Contact information by various methods
- List of products and services provided
- Current loan and dividend rates
- Information regarding credit union operations
- Management and staff contact information
POLICY
PROGRAM RESPONSIBILITY
OVERSIGHT COMMITTEE. The NHCU Board of Directors has established an Oversight Committee made up of the designated positions and/or persons listed in Appendix A. The primary responsibility of this committee is to maintain and monitor the credit union’s website. Any new website ideas or initiatives must be reviewed by the oversight committee, which will prioritize, develop, acquire, and maintain any approved website applications.
COPYRIGHTED MATERIAL. Copyrighted material will be used only when allowed by prevailing copyright laws and may be used only if the materials relate to the website’s mission and should be approved by the Oversight Committee prior to use.
EXTERNAL LINKS. When external links to non-credit union websites are included, a disclaimer will be made that neither the credit union nor the organization endorses the product at the destination, nor does the credit union exercise any responsibility over the content at the destination.
A disclaimer shall be displayed when linking to external sites. The disclaimer may appear on the page or pages listing external links whenever a request is made for any site other than the official credit union website.
RISK ASSESSMENT
The New Horizons Credit Union web-site is hosted by HomeCU and is locally established behind Fedcomp firewalls to prevent intrusion
The Credit Union regularly monitors security risks associated with technological and operational changes in website operations.
COMPLIANCE AND LEGAL
NHCU management will ensure that its website complies with all applicable laws and regulations. NHCU also monitors all changes in laws and regulations that affect website operations and will update website policies, practices, and systems accordingly in a prompt manner.
The credit union will insure that bond coverage for all of its website policies and procedures is secured. Management will further ensure that bond coverage is sufficient in the event of any loss due to an electronic transaction. Bond coverage is regularly assessed to ensure the sufficiency of coverage.
The credit union will periodically provide various website contracts and agreements with vendors, partnerships, and affiliates to appropriate counsel for review.
The credit union provides disclosures regarding its website policies and procedures to members who use its website. The credit union will place appropriate warnings on its website, clearly stating that unauthorized access or use of the website is not permitted and may constitute a crime punishable by law.
NHCU maintains a website privacy disclosure that is available to all members who visit the credit union website. The credit union monitors and enforces compliance with its website privacy disclosures.
The credit union monitors its website on a regular basis to ensure that all disclosures are accurate and up-to-date. The Credit Union will create procedures to validate transactions, e-mails, and other contractual obligations relating to its website.
AUDIT AND CONSULTING SERVICES
The Credit Union’s website activities will be subject to periodic independent audits and quality reviews as appropriate. At a minimum, these reviews will cover website: security, penetration testing, regulatory compliance, privacy, application development and maintenance, incident response and business continuity, and virus detection and protection. NHCU management will correct the issues of concern uncovered by the independent audit and/or quality review.
The Credit Union management regularly requires performance testing of its website to identify and prevent potential vulnerabilities.
MEMBER SERVICE AND SUPPORT
Management has established procedures and practices for promptly resolving member support issues, and will take steps to ensure that adequate staff levels and training are in place to address member support issues.
NHCU discloses to its members the terms and conditions by which its website transactions are conducted, such as:
• The NHCU website is secure and member account information is kept confidential.
• Whether the website uses cookies, how they are used, and what the consequences are for not accepting them.
• How member information can be corrected.
• How member information is used.
• Where members can go to resolve errors, pose questions, or register complaints.
• Inform members of their right to receive paper copies of member account information and procedure to obtain paper copies.
PERSONNEL
Employees with access to member account information will receive a copy of the credit union’s website policy. Employees will be notified of the importance of maintaining the confidentiality of member account information and will be made aware of NHCU's policies, procedures, standard practices, and disciplinary actions that will be taken against the employee for non-compliance with the credit union's privacy and information security policies and procedures. NHCU policy prohibits staff from inappropriately disclosing member account information to any third party.
NHCU will limit access to sensitive information to specific employees to ensure confidentiality of member account information. Employees have been trained on the proper procedures for filing reports to the appropriate regulatory and law enforcement agencies. Management will routinely monitor employees for compliance with the credit union's stated policies, procedures, and standards.
NHCU has conducted background checks on its employees, and will thoroughly investigate any allegation of employee misconduct.
Management will cross-train as appropriate to maintain continuity of employee support in the event of a termination, transfer, promotion, etc. Employees involved with the credit union’s website transactions are kept up-to-date with changes in the policies and procedures of the Credit Union.
SYSTEM ARCHITECTURE AND CONTROLS
NHCU maintains an inventory of hardware and software to ensure continuity of service in the event of a technological failure, natural disaster, or intentional destruction of its electronic systems. The credit union and its vendor maintains procedures to allow the credit union to restore its previous configuration in the event a software modification adversely affects the website.
The credit union has implemented a disaster recovery system as part of its business continuity plan. This system will be monitored regularly and updated as needed as a result of changes in technology, legislation, and infrastructure.
SECURITY INFRASTRUCTURE AND CONTROLS
NHCU maintains security measures consistent with the requirements of federal and state regulations, including risk management systems designed to prevent unauthorized access, both internal and external, to member information.
The credit union has procedures in place to protect member information systems in the event of natural disasters, intentional destruction, or technical failure.
Management monitors employees with access to member account information to ensure they are in compliance with the credit union’s established security policies and procedures.
All member account information is stored on servers located behind firewalls that are routinely monitored and further protected with passwords to prevent unauthorized access and/or damage. These protections are monitored on a regular basis to assess potential security weaknesses.
Access to member accounts is restricted to members through the use of user ID numbers and passwords. Account passwords that are not entered correctly after the three tries will result in an automatic log-off to the session.
PERFORMANCE MONITORING.
NHCU has established and implemented performance standards and monitoring procedures for its website activities. These standards and procedures are designed to ensure that the credit union's website activities are available and efficiently meet member needs and expectations of member users. These procedures are updated on a regular basis, as a result of changes in long-term and short-term plans, as well as in response to member needs.