Please fill in this questionnaire, it is necessary.
Thank you for your cooperation.
Questionnaire about E-Commerce

For each numbered question, mark one answer column: Yes, No, NA or NR.

General
1. Does the credit union engage in E-Commerce activities with its members via the Internet, World Wide Web, home banking, etc.?
2. Are E-Commerce products and services considered critical to the credit union's goals and strategies?
3. Have adequate policies and procedures been developed for the credit union's E-Commerce activities?
4. Does the credit union have an E-Commerce organization chart or a listing of key E-Commerce staff?
5. Has management established an E-Commerce oversight committee comprised of representatives from applicable departments such as Marketing, Compliance, Operations, Information Systems and Security?
6. Does the credit union's Board of Directors receive reports on E-Commerce activities on a regular basis?
7. Does the credit union have an a) informational, b) interactive or c) transactional website?
8. Is the website hosted by a) the credit union, b) a vendor or c) a third party?
9. Is the website content developed and maintained by the credit union?
10. Does the credit union offer the following services electronically:
11. Member application
12. Share account application
13. Share account transfers
14. Loan applications
15. Loan payments
16. Bill payment
17. Account balance inquiry
18. View account history
19. Download account history
20. Share draft orders
21. Merchandise purchase
22. Electronic cash
23. Wire transfers
24. Other (describe)
Risk Assessment

1. Are there policies, procedures and practices in place for performing risk assessments to identify internal and external threats and vulnerabilities associated with E-Commerce?
2. Do the policies and procedures address Operational/Transactional, Security, Reputation and Compliance risks?
3. Has a risk assessment been performed for the credit union's E-Commerce activities?
4. Does management actively reevaluate the risks associated with technological and operational changes in E-Commerce?
5. Does management consider, and continually monitor, the risks associated with outsourcing relationships?
Compliance and Legal

1. Is legal counsel consulted for significant matters such as E-Commerce contracts, partnerships and affiliations?
2. Are changes to applicable laws and regulations actively monitored, and are policies and procedures updated accordingly?
3. Have appropriate procedures been put in place to ensure that E-Commerce transactions are legally binding (e.g., verifiably performed by the appropriate party) and cannot be repudiated?
4. Has management determined whether E-Commerce activities are included in its bond coverage and, if so, has management determined whether the coverage is sufficient?
5. Does management review the credit union's bond coverage annually to ensure that it is adequate in relation to the potential risk?
6. Has management considered the legal ramifications associated with providing E-Commerce services to multi-state and multinational members?
Audit and Consulting Services

1. Are E-Commerce activities subject to periodic internal (internal audit) and/or external (SAS 70 or financial statement) audits and quality reviews?
2. Has management prioritized the issues disclosed in the most recent audit or quality review?
3. Has management corrected, or is it in the process of correcting, these issues?
4. Has management performed and documented an assessment to determine whether attack and penetration testing should be used as a means of identifying, isolating and confirming possible flaws in the network and security architecture?
5. Where the assessment warrants penetration testing, has management performed, contracted or planned to contract for these services?
6. Where a penetration test has been performed, has management addressed, or is it in the process of addressing, the identified vulnerabilities?
Vendor Management

1. Does management assess long-term strategic and short-term tactical plans for current and future E-Commerce outsourcing activities?
2. Does management actively monitor whether critical outsourced service providers continually meet the credit union's E-Commerce needs (i.e., hardware, software, network services)?
Member Service and Support

1. Does management have a process in place to adequately track and resolve member support issues (e.g., member technical support, incident reports and FAQs)?
2. Has management established and tailored member service level goals based on its business needs and the unique expectations of its field of membership?
Personnel

1. Is the credit union adequately staffed and trained with respect to its E-Commerce strategy?
2. Does an adequate segregation of duties exist between conflicting E-Commerce related responsibilities?
3. Does the credit union have a process in place to handle the addition, modification or deletion of employees' access due to status changes (i.e., terminations, transfers, promotions)?
4. Has credit union management implemented practices to address the recruitment and retention of E-Commerce technical staff?
System Architecture and Controls

1. Are adequate network, system and application diagrams (i.e., topologies) maintained?
2. Is an adequate inventory of E-Commerce hardware and software maintained?
Security Controls

1. Does the credit union have an adequate security program in place (i.e., documented policies and procedures) which covers protecting critical data and facilities?
2. Does management monitor credit union staff activity to ensure compliance with established security policies and procedures?
3. Have safeguards been implemented to mitigate the risk of confidential member and servicing information being disclosed to or modified by unauthorized users?
4. Have authentication techniques/controls been put in place to block unwanted communications into and out of the credit union network (i.e., a firewall)?
5. Have member session controls been put in place to ensure that access is only granted to the appropriate users?
6. Have controls been put in place that automatically log off a session (member or other users) as a result of inactivity?
7. Has management classified data based upon its sensitivity, perceived value and the impact to management in the event of its loss?
8. Have the various types of data communicated on the credit union's network been categorized according to their sensitivity?
9. Has the credit union implemented adequate security policies and procedures according to the sensitivity and importance of the data?
10. Is a criterion in place which determines the level of encryption that shall be used for the varying degrees of sensitive information?
11. Is an appropriate level of encryption being utilized to protect sensitive data (data residing on the web server or transmitted during a session)?
12. Are effective and thoroughly tested security tools used to monitor internal and external threats?
13. Does the credit union ensure that virus identification and protection software is implemented, monitored and updated when required?
14. Does the credit union have an intrusion detection system?
15. If yes, is it a real-time intrusion detection system?
16. Does the credit union respond to potential intrusions in a timely manner?
Business Continuity

1. Has disaster recovery relating to E-Commerce been incorporated into the credit union's overall business continuity plan?
2. Does the credit union review its plan, at least annually, based on changes in technology, its infrastructure or its E-Commerce activities?
3. Is the plan tested on a regular basis, and are the test results analyzed to identify necessary changes?
4. Has the credit union developed incident response and escalation procedures for technical, security or member concerns?
Performance Monitoring

1. Has the credit union established and implemented adequate performance monitoring procedures for E-Commerce activities?
2. Is the performance of E-Commerce activities monitored by management against long-term and short-term plans, or against member demands?