Stewart Policy Templates Part 3 “Your Compliance Quick Start”. June 25, 2013. Now Presenting Gloria Prinz.
The information provided in this webinar and any printed material is for informational purposes only. None of the forms, materials or opinions is offered, or should be construed, as legal advice, accounting, tax, or other professional advice and services. As such, no information, forms, opinions and materials should be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers. Communication of information by or through these means and your receipt or use of such information and forms is not to be construed as legal advice or to constitute an attorney-client relationship. You should not act or rely upon information or use the forms contained in these materials without specifically seeking competent professional advice. Additional resources that may be referenced in the following presentation or materials are offered merely as a convenience to participants with no guarantees made as to the applicability or validity of the third-party content. We do not take any responsibility for nor do we warrant the content, accuracy or timeliness of referenced websites, articles, books, events, etc.; nor do we endorse any commercial products that may be advertised or available on those sites. Stewart endeavors to comply with all applicable legal and ethical requirements when providing information to industry participants. Any questions or concerns regarding the information outlined in this disclaimer, presentation or materials should be directed to AgencyServices@stewart.com. Now Presenting Gloria Prinz
Today’s Speakers Now Presenting Gloria Prinz
Today’s Agenda Now Presenting Gloria Prinz
CFPB Update • Mark September on your calendar – Final Rule • Bureau coordinating with Federal regulators • Plain language guides and videos coming soon • “Readiness guides” with checklists and in-depth exams • Qualified Mortgage – January effective date Now Presenting Marvin Stone
Independent Agency Perspective • ALTA/MBA Roundtable Meeting on Best Practices held on June 4th • Consensus - ALTA Best Practices are an excellent start • Tiering of Independent Agencies by size • Self Assessment – Be Proactive • Turn time on getting title policy to lenders • Clean Desk Policy • Stewart Trusted Provider Success Stories Now Presenting George Houghton
Stewart Policy Templates – Policies and procedures for your agency to customize and deploy for a compliance quick start 1. Account Management Policy 2. Acknowledgement 3. Anti-Virus Malware Policy 4. Application Security Policy 5. Backup and Media Retention Policy 6. Business Continuity Policy 7. Customer Complaint Form 8. Customer Complaint Policy 9. Data Retention Policy 10. External Audits Policy 11. Instant Messaging Policy 12. IT Security and Computer Usage Policy 13. Managing Exceptions Policy 14. Managing Exceptions Process 15. Mobile Devices Policy 16. Non-Public Information Security & Disposal Policy 17. Password Policy 18. Policy Exception Request Form 19. Privacy & Information Security Audit/Oversight Policy 20. Remote Access Policy 21. Security Incident Response Policy 22. Security Training and Awareness Policy 23. Social Media Policy 24. Standards of Conduct Policy 25. Title Insurance and Settlement Services Policy Now Presenting George Houghton
Account Management Policy Now Presenting Lisa Nelson-Morris
Account Management – Why is access control so important? • To keep your company’s information private and secure, best practices include the following: • Always practice least privilege – Users should only have access to the information needed to perform their job duties • Discretionary access control (DAC) – Allows the owner of the resource (information/application) to determine which users should have access to specific information and/or applications • Role-based access control (RBAC) – Roles of the associates are clearly defined along with the associated access levels required to perform job functions associated with each role Now Presenting Lisa Nelson-Morris
Account Management – Access Control is the #1 Audit Control • For your audit: • Have updated job descriptions on file • Have proof of manager’s approval for access • Conduct access reviews for financial applications at least annually • Ensure transferred employees are handled appropriately Now Presenting Lisa Nelson-Morris
Account Management – “Keys to the Data Kingdom” • Administrator Access • Elevated level of access above that of a normal user • Elevated or “Admin” access should be used only in the support of the business function (i.e. support of the business application and/or business process) • May support or maintain servers or computer systems • May perform programming or script development • May maintain databases or network infrastructure • May maintain web services • May maintain back up media services • Understand the risks associated – ALWAYS practice least privilege! Now Presenting Lisa Nelson-Morris
Account Management – Separation of Employment • One of the biggest security threats companies face is the terminated or disgruntled employee • Has the ability to inflict damage through • Knowledge of your inner office processes • Knowledge of your business functions • Knowledge of your applications • Knowledge of your business contacts • Knowledge of your staff & their personal information Now Presenting Lisa Nelson-Morris
Account Management – Separation of Employment • Disallow employee access • Disallow employee access to computers or company files at point of termination • Disable user access to all business systems ASAP • Computer, network, data and remote access • Collect company devices: • Laptop, cell phones, iPads, etc. • Verify company information has been successfully removed from devices • Litigation Possibility? • Notify legal counsel for guidance • Notify IT department immediately to ensure no critical data is lost Now Presenting Lisa Nelson-Morris
Account Management Wrap Up • Document policies & processes addressing: • Account authorization • Who approves required access levels for employees? • Administrator access requirements • Who needs it? • Why do they need it? • Transferring associates • Make sure the transferring associate only has access to what is needed to fulfill their NEW job duties; disable all other access • Terminations • Ensure user access is disabled in a timely manner • Ensure Admin access is disabled as quickly as possible Now Presenting Lisa Nelson-Morris
Mobile Device Policy Now Presenting Larry Lotspeich
Mobile Risks • Mobile devices are • very personal • often shared with non-business associates • used more and more for business transactions • Are not always owned by you (BYOD) • Capabilities vary greatly per device • Mobile applications pose greatest risk Now Presenting Larry Lotspeich
Minimizing Risk With Mobile • Secure business data stored and transmitted • Require passwords and encryption where needed • Define data ownership • Lost and stolen devices will happen • Implement the ability to remote wipe sensitive data • Train associates to report lost devices • Standardize technology • Manage the device lifecycle • Provisioning • Transfer • Decommission Now Presenting Larry Lotspeich
Business Continuity Policy Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Why it’s important • Allows for the luxury of “pre-planning” for an event • Cuts down on confusion and panic • Provides detailed instructions as to what steps need to be taken and who is responsible for each step • Reduces your office downtime • Minimizes financial loss and loss of customer confidence • Builds customer and stakeholder confidence • Ability to respond quickly and maintain control of business functions • Safeguards your company’s reputation Now Presenting Lisa Nelson-Morris
Business Continuity – Be Prepared!! • Fire • Flood • Blizzard • Hurricane • Earthquake Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Areas of Responsibility • Recovery Director • Responsible for overall implementation of BCP and providing direction to Lead(s) • Lead (alternate for Recovery Director) • Can be assigned to specific area(s) (i.e. accounting dept., closing dept., IT dept., etc.) • Responsible for providing direction and communication to Alternate Lead and assigned areas • Member – all other employees Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Emergency Contact Information (All hands on deck!!!) • All office personnel • Home, mobile & alternate email address if available • All vendors/suppliers • Building maintenance • Office supplies • Leasing agent • All service providers • Police, fire, ambulance • Utility companies • Insurance carrier • Mail Service (USPS, FedEx, UPS) Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Information Technology Recovery • Back Up Media • Should be stored off site or to a remote server • Key personnel should know where data is stored and have the ability to restore the systems quickly • Back Up Power • Generators • Fuel Availability • Best utilization of generator Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Alternate Locations & Essential Equipment • Essential Equipment • Equipment vendor information • Laptops, desktops, applications, fax & printer, scanners & copiers, telephones, break room appliances, etc. • Office Supply vendor information • Alternate Locations • Another Local office • Hotel Conference Room Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Wrap Up Your Plan Should Contain the Following: • Office Personnel Contact List • Possible Alternate Locations • or Property Leasing Agent Information • Communication Plans • Employees, Customers & Vendors/Service Providers • Critical Business Systems • Application requirements (admin, escrow, title, accounting, etc.) • RTO (Recovery Time Objective) – amount of time required to recover the system • RPO (Recovery Point Objective) – maximum amount of critical data that can be lost • Equipment requirements (computers, phones, printers, fax, scanners, etc.) Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Wrap Up • Vital Records • Hardcopy & Electronic • Client & Vendor List • Contact names • Contact phone • Contact Email • Services List • Emergency Responders (fire, police, ambulance) • Insurance Carriers and contacts • Building leasing and maintenance • Office Supplies, Computer Suppliers, Couriers, USPS • Phone Service Provider • Utilities Provider Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Wrap Up • Train your employees on “the plan” • All employees should “know” the plan • Understand their role • Understand their responsibilities • Know where to find the plan • Re-train existing employees annually at a minimum • Train in-coming employees • Review “the plan” • Outdated plans are useless • much like having an outdated insurance policy • Review your plan annually at a minimum • Business functions change; your plan will also change Now Presenting Lisa Nelson-Morris
Business Continuity Planning – Wrap Up • Stewart University • Business Continuity Plan Template • Business Continuity Preparation & Response Plan Now Presenting Lisa Nelson-Morris
Instant Messaging Policy Now Presenting Larry Lotspeich
Controlling Business Communications • IM is a communication channel for your business • Insecure IM can be intercepted by 3rd parties • IM can be used to leak sensitive business information • IM can bring in malicious files and internet links Now Presenting Larry Lotspeich
Making IM Productive • Define and communicate acceptable use • Business use versus personal use • Define your technology requirements • What IM clients are supported / allowed? • Is encryption required between internal clients? • Is encryption required for external IM connectivity? • Define your audit requirements • Do you need to retain IM conversation records? • For how long? • Who can access the IM logs? • Who has to approve requests to view logs? Now Presenting Larry Lotspeich
Social Media Policy Now Presenting Larry Lotspeich
Today’s Workplace • Generation Y workers • Grew up with technology • Prefers to interface electronically • Used to documenting everything they do online • Often does not correlate the risks with sharing • Business wants to be socially adaptive • Employees can help or hurt brand • Employees need to know boundaries Now Presenting Larry Lotspeich
Social Guidelines • Define what social media is • Give examples of popular services • Define professional vs. personal use • Define reasonable personal use • Acceptable sites and time spent • Define acceptable standards of conduct Now Presenting Larry Lotspeich
Process License Agreement • Log onto Stewart’s CFPB website • Download license agreement • Complete and sign • Scan to .pdf Now Presenting Rebecca Dodds
Process License Agreement Submit License Agreement • Email to agencyservices@stewart.com • Attach .pdf of signed agreement • Agency Services processes agreement Now Presenting Rebecca Dodds
Process License Agreement Submit License Agreement Obtain Templates • New licensees: • Watch for email from Stewart University • Log onto Stewart University • Launch Policy Template course • Download templates from Attachments Now Presenting Rebecca Dodds
Obtain Templates • Existing licensees: • Log onto Stewart University • Click Completed Tab • Launch Policy Template course • Download new templates Now Presenting Rebecca Dodds