National Credit Union Administration
(NCUA Guidelines)

NCUA Security Compliance

The IT Security Compliance Guide is intended to help credit unions comply with the Guidelines for Safeguarding Member Information (NCUA Rules & Regulations, Part 748, Appendix A&B). The guide summarizes the obligations of credit unions to protect information, and illustrates how certain provisions of the National Credit Union Administration Rules and Regulations, Part 748, Appendix A & B (Security Guidelines) apply to specific situations. The guide applies to federally-insured credit unions (NCUA).
The Security Compliance Guidelines implement section 501 and 505(b) of the Gramm-Leach-Bliley Act and section 621(b) and 628 of the Fair and Accurate Credit Transactions Act of 2003. The Security Guidelines establish standards relating to administrative, technical, and physical safeguards to ensure the security, confidentiality, integrity and the proper disposal of information.
The NCUA Guidelines address safeguarding the confidentiality and security of information and ensuring the proper disposal of information. They are directed toward preventing or responding to foreseeable threats to, or unauthorized access or use of, that information. The Security Guidelines provide that credit unions must contractually require their affiliated and non-affiliated third party service providers that have access to the credit union’s information to protect that information.

The NCUA Security Guidelines requires credit unions to implement an information security program that includes administrative, technical, and physical safeguards designed to achieve the following objectives:

  • Ensure the security and confidentiality of member information;
  • Protect against any anticipated threats or hazards to the security or integrity of such information;
  • Security Program Manager
  • Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any member
  • Ensure the proper disposal of member and consumer information.