isaa generic

Information Security Program Information Security Access Assessment – Branch Office Assessment Branch # Date A. EMPLOYEES: 1. List all new employees (Lending & Operations staff) and their positions that have been in your office since the last Information Security Access Assessment. Indicate if they have signed the Employee Acknowledgement to the Employee Guide to the Information Security Program: NAME POSITION Acknowledgement Signed? 2. Have the above employees been granted ITI access at a level appropriate for their position? [ ] Yes [ ] No Please explain any “No” answers:

Upload: ahaaaaaaa

Post on 18-Aug-2015

DESCRIPTION

ISA AUDIT IT

TRANSCRIPT

Information Security Program
Information Security Access Assessment – Branch Office Assessment

Branch #          Date

A. EMPLOYEES:

1. List all new employees (Lending & Operations staff) and their positions that have been in your office since the last Information Security Access Assessment. Indicate if they have signed the Employee Acknowledgement to the Employee Guide to the Information Security Program:

NAME    POSITION    Acknowledgement Signed?

2. Have the above employees been granted ITI access at a level appropriate for their position?
[ ] Yes [ ] No
Please explain any “No” answers:

3. Has the ITI access level been changed for any employees in the last 6 months?
[ ] Yes [ ] No
Please explain any “Yes” answers:

B. CUSTOMER INFORMATION

1. Is customer information kept in a secure area at night such as the vault, a locked cabinet, drawer, or locked office?
(Customer information includes reports, loan files, signature cards, account documents, and any other item that contains confidential customer information.)
[ ] Yes [ ] No
Please explain any “No” answers:

2. During the day, is customer information kept where an unauthorized person cannot easily view or take such information?
[ ] Yes [ ] No
Please explain any “No” answers:

3. In the “Platform” area, are password protected screensavers used to prevent screen information from being accessed if an employee is away from his or her desk?
[ ] Yes [ ] No
Please explain any “No” answers:

4. Is any confidential information left in the trash at night instead of being placed in the shred bin?
[ ] Yes [ ] No
Please explain any “Yes” answers:

5. Do all employees place shred items into the shred bin at the end of the day?
[ ] Yes [ ] No
Please explain any “No” answers:

C. PASSWORDS AND LAPTOPS

1. Are passwords kept in a secure location?
(Passwords should NOT be placed on or near the computer workstation either on the monitor, underneath the keyboard, next to or near the computer.)
[ ] Yes [ ] No
Please explain any “No” answers:

2. Are employees instructed NOT to use a password that is easily guessed?
(Examples of easily guessed passwords include employee names, the name and/or number of the branch, or an easy series of letters or numbers such as 1111, 12345, abcde.)
[ ] Yes [ ] No
Please explain any “No” answers:

3. Are all laptops kept in a secure location at night?
(Laptops should NOT be left in an unlocked location such as a desktop or unlocked drawer unless it is inside of a locked office.)
[ ] Yes [ ] No
Please explain any “No” answers:

D. NEW ACCOUNTS, PRETEXT CALLING, & UPDATING CUSTOMER INFORMATION

1. Are New Accounts personnel advising customers on the use of the Automated Calling Center?
[ ] Yes [ ] No
Please explain any “No” answers:

2. Do they advise customers to change their PIN the first time they use the system?
3. [ ] Yes [ ] No
Please explain any “No” answers:

4. Are they giving the Privacy Disclosure brochure to all new CONS account customers?
[ ] Yes [ ] No
Please explain any “No” answers:

5. Are New Accounts personnel obtaining acceptable Primary and Secondary identification for all new customers?
(See Section 1*5.1 of the Operations Policy Manual)
[ ] Yes [ ] No
Please explain any “No” answers:

6. Do all personnel have an understanding of what Pretext Calling is?
(See the Employee Guide to the Information Security Program. This should be covered periodically during staff meetings.)
[ ] Yes [ ] No
Please explain any “No” answers:

7. Do employees know how to properly identify customers before giving out information?
(This should be covered periodically during staff meetings.)
[ ] Yes [ ] No
Please explain any “No” answers:

8. Do employees know NOT to give out customer information just because the caller states they are an attorney or law enforcement?
(All such calls should be referred to a supervisory level person and, if necessary, to Operations Support. Attempts at Pretext Calling may require the filing of a Suspicious Activity Report.)
[ ] Yes [ ] No
Please explain any “No” answers:

9. When an address change is requested, is the customer’s identity verified before the address change is made?
[ ] Yes [ ] No
Please explain any “No” answers:

10. When customer information is entered or changed on ITI, is there an independent call-back to verify the information was entered accurately?
[ ] Yes [ ] No
Please explain any “No” answers:

I certify that I have reviewed the Information Security practices in this branch office and have reported the findings in this Information Security Access Assessment – Branch Office Assessment.

Customer Service Manager - Signature          Date

Business Center Manager – Signature          Date