Gramm Leach Bliley (GLB) ACT Information Security
Information Security Policy -Privacy Statement Copyright Statement Computer, Internet, and Electronic Communications Policy
This Information Security Plan (“Plan”) describes Michigan Mortgage’s safeguards to protect information and data in compliance (“Protected Information”) with the Financial Services Modernization Act of 1999, also known as the Gramm Leach Bliley Act, 15 U.S.C. Section 6801. These safeguards are provided to: Protect the security and confidentiality of Protected Information; Protect against anticipated threats or hazards to the security or integrity of such information, and Protect against unauthorized access to or use of Protected Information that could result in substantial harm or inconvenience to any customer. This Information Security Plan also provides for mechanisms to Identify and assess the risks that may threaten Protected Information maintained by Michigan Mortgage; Design and implement a safeguards program; Adjust the plan to reflect changes in technology, the sensitivity of Protected Information, and internal or external threats to information security.
Identification and Assessment of Risks to Customer Information
Michigan Mortgage recognizes that it has both internal and external risks. These risks include, but are not limited to:
- Unauthorized access to Protected Information by someone other than the owner of the covered data and information
- Compromised system security as a result of system access by an unauthorized person
- Unauthorized access to covered data and information by employees
- Interception of data during transmission
- Unauthorized requests for covered data and information
- Physical loss of data in a disaster
- Unauthorized access to hardcopy files or reports
- Corruption of data or systems
- Loss of data integrity
- Errors introduced into the system
- Unauthorized transfer of covered data and information through third parties
We (Michigan Mortgage) recognize that this may not be a complete list of the risks associated with the protection of Protected Information. Michigan Mortgage believes current safeguards are reasonable and, in light of current risk assessments are sufficient to provide security and confidentiality to Protected Information.
Design and Implementation of Safeguards Program
Employee Management and Training
In accordance with Michigan Mortgage policies, standards, and guidelines, reference checking and background reviews will be conducted when deemed appropriate. During employee orientation, each new employee in departments that handle Protected Information will receive proper training on the importance of confidentiality of Protected Information. Each new employee will also be trained in the proper use of computer information and passwords. Further, each department responsible for maintaining Protected Information will provide on-going updates to its staff. These training efforts should help minimize risk and safeguard covered data and information security.
Physical Security
Michigan Mortgage has addressed the physical security of Protected Information by limiting access to only those employees who have a business reason to know such information and requiring signed acknowledgment of the requirement to keep Protected Information private. Existing policies establish a procedure for the prompt reporting of the loss or theft of Protected Information. Offices and storage facilities that maintain Protected Information limit customer access and are appropriately secured. Paper documents that contain Protected Information are shredded at time of disposal. Any third party services used that would have access to Protected Information have written agreements to ensure confidentiality. Continual oversight will be maintained on all third party service providers who would have access to Protected Information.
Information Systems
Information systems include network and software design, as well as information processing, storage, transmission, retrieval, and disposal. Michigan Mortgage has policies, standards, and guidelines governing the use of electronic resources and firewall and wireless policies. We “Michigan Mortgage” will take reasonable and appropriate steps consistent with current technological developments to make sure that all Protected Information is secure and to safeguard the integrity of records in storage and transmission. Michigan Mortgage will develop a plan to protect all electronic Protected Information by encrypting it for transit.
Management of System Failures
Michigan Mortgage will maintain effective systems to prevent, detect, and respond to attacks, intrusions and other system failures. Such systems may include maintaining and implementing current anti-virus software; checking with software vendors and others to regularly obtain and install patches to correct software vulnerabilities; maintaining appropriate filtering or firewall technologies; alerting those with access to covered data of threats to security; imaging documents and shredding paper copies; backing up data regularly and storing backup information off-site, as well as other reasonable measures to protect the integrity and safety of information systems.
Continuing Evaluation and Adjustment
This Information Security Plan will be subject to periodic review and adjustment, especially when due to the constantly changing technology and evolving risks. Michigan Mortgage will review the standards set forth in this policy and recommend updates and revisions as necessary. It may be necessary to adjust the plan to reflect changes in technology, the sensitivity of customer data and internal or external threats to information security.
Data Breach Response Plan
Michigan Mortgage acknowledges that this Information Security Plan has been developed and will be monitored and maintained consistently. In the event there is a breach of Protected Information from an internal or external source Michigan Mortgage will promptly notify all affected customers of the said breach. All customers affected will be provided a mailed notification letter informing them of the potential breach of their Protected Information. The letter shall contain:
- Notification of the potential loss of Protected Information
- A toll-free number to contact Michigan Mortgage for information and assistance
- Instructions to place Fraud Alerts with the credit repositories and the offer of assistance in this matter
- Free credit monitoring for the customer provided by Michigan Mortgage for a period of no less than one year