Information Security/FACTA Red Flag/GLB Privacy & Safeguards Policy and Procedure Model Plan
Includes Disaster Recovery, Cybersecurity, Remote Work, Breach/Incident Remediation/Response, Business Continuity and Risk Assessment

Compliance with 16 CFR section 314.4 - Safeguarding rules extended
The FTC enhanced rules surrounding Gramm-Leach-Bliley Safeguarding and entered them into the Federal Register Dec. 9, 2021, to go into effect December, 2022. We updated our model policies at that time. The agency gave another extension, until June, 2023, for the rules to go into effect, to allow industry more time to prepare.
States With Significant GLB Examinations
We have encountered significant examination requirements in New York, Massachusetts, Maryland, Virginia, Texas, and Michigan. We have developed a rubric and draw a straight line to the GLB requirements within our model plan.
NYS Department of Banking raises the bar on Cybersecurity - Our Product Meets the Requirements
Fannie Mae Requires NPI Policy - Not just what is required to be protected, but also how you will secure hardware
Information Security/Cybersecurity is Industry Hot Button
The FTC requires that all companies which handle sensitive consumer information implement a Red Flag ID Theft detection plan. We provide the Red Flag Plan, but also provide an information security plan and an employee training plan to make complying with the law simple. A company can't have a Red Flag rule if it doesn't already have an information security plan. We have combined information security, mortgage origination, processing and closing with this Red Flag program to provide a comprehensive program that can actually be put into use.
This is the ONLY information security/cybersecurity NPI and ID Theft Red Flags Plan available that is written specifically for the mortgage industry.
The Gramm-Leach-Bliley Act requires that all companies handling private consumer information have a Red Flag ID Theft detection plan in place. We provide the Red Flag Plan, but also provide an information security plan and an employee training plan to make complying with the law simple. Many states also require proof that lenders have an information security plan in place. If you are using a credit bureau to obtain consumer reports, you must also have an information security program under Fair Credit Reporting Act (FCRA) Requirements.
What is included
Procedures Specific to the Mortgage Industry
FACTA Required Red Flags Plan
FCRA and GLB Required Safeguarding Plan
Risk Assessment
Employee Training Program Included
Working with Vendors (Risk Assessment)
Clean Desk Policy
Document Retention/Destruction
Safeguarding Private (non-public) NPI Data (GLB)
Red Flags in Origination
Remote Work Policy
Working with Borrowers
Breach/Incident Remediation and Reporting
Disaster Recovery/Business Continuity
Risk Assessments
Red Flags in Processing
Closing/Funding Red Flags
Servicing Red Flags
Sample Table of Contents
Purchase Information Security, FACTA Red Flag and ID Theft Plan
Price $395
Information Security Module is part of the Complete Banker or Correspondent Packs and Compliance Packs
Referred by a consultant, association, or wholesaler? Click here to request a discount code! Download is delivered by e-mail link - allow 5-15 minutes for delivery