PRIVACY PROTOCOLS

Credit Risk Management, L.L.C. considers the privacy of our clients, in addition to the privacy of their customers, extremely important.

Even though we are an external vendor to your institution, we consider ourselves an extension of your organization. Our company has taken great strides to make certain adequate safeguards are in place regarding the security of any electronic or physical information obtained from you, our client.

The technologies and processes used to protect information are reviewed frequently, and improved as needed. Information is only available to authorized employees, who are trained to respect and guard the confidentiality of this information. They are held accountable to follow established standards, procedures and laws.

The following outlines the technologies and procedures that Credit Risk Management, L.L.C. utilizes to maintain appropriate privacy of information.

Electronic Data Procedures

We are committed to maintaining the confidentiality, integrity and overall security of our clients' non-public personal information. We have implemented appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect or handle to prevent unauthorized access, to maintain data security and to facilitate the proper use of information. Our technological controls employ multi-layered or defense-in-depth security including but not limited to hardware and software firewalls, web filtering proxies, enterprise class anti-virus software, host-based intrusion prevention and anomaly detection software, operating system hardening using industry consensus best practices and data encryption. Following the principle of least privilege, all information is assigned specific access rights restricting users from accessing data that is not essential to their production. Any access to the company servers must pass through firewalls or be accessed via company computers from within our private network. All servers are physically stored in a locked 'swipe key' environment with 24-7 monitoring.

All Credit Risk Management associates sign and are bound by our Employee Statement of Privacy and Confidentiality Agreement and our Computer Acceptable Use Policy. Credit Risk Management, L.L.C. implements an extensive array of procedures to ensure the safety of all electronic loan data submitted by its clients for loan review services.

Procedures for Protecting Client Information

Credit Risk Management L.L.C. implements the following procedures to ensure the safety of all electronic loan data submitted by its clients for loan review services.

Procedures

1. Upon receipt of data file from a client, the data is immediately loaded and stored in a specific folder on our company server. Following the principle of least privilege and 'need to know,' access to this folder is restricted to the Loan Sampling Specialist and the Network Administrator. No other employee can access this data.
2. If data was submitted on diskette, once data is copied to server and validated for completeness, the diskette is destroyed. If the data was submitted via e-mail, the e-mail message is also destroyed once the data file is validated for quality.
3. The Loan Sampling Specialist processes the loan data. If it is determined that individual customer Tax ID numbers or Social Security numbers are not relevant to the sampling process, that information is immediately destroyed and eliminated from the data file.
4. Once loan review samples and/or Automated Loan Portfolio Reviews are completed, the data is zipped and retained on the server for two loan review cycles, or until the current project is closed out with the client. Credit Risk Management, L.L.C. is not in the business of data warehousing and will not retain information that is no longer needed to serve our clients.

Physical Data Protection

Credit Risk Management, L.L.C. protects its offices with electronic security devices that remain on-line with the authorities 24 hours a day, 7 days a week, as well as cameras and security guards. The constant monitoring system ensures that any attempts of improper entry are immediately recorded and addressed.

Credit Risk Management, L.L.C. contracts a private shredding company to shred all documents 'on-site.' Any physical information requiring archiving is kept in a secure location on premises.

Back to Services Index