Embed Size (px)
Citation preview
1
The Most ComprehensiveCompliance Solution
2
3
Agenda• Partner Introductions• Market Drivers• Certification+ Partnership • Agent Benefits• What the partners do• FAQs
4
Market Drivers• Self-assessments no longer acceptable• Lenders requiring 3-party certification
• 4.1.16 Equity Mortgage Bankers• 3.24.16 Delta Community CU
• Cyber Security is No. 1 Concern for the industry• Employees responsible for nearly 40% of all breaches• Key lender regulators (CFPB, OCC, FDIC) published
bulletins on third-party risk management
5
The PartnershipWho we are:
– PYA, Real Estate Data Shield, Security Compliance Associates
– ALTA Elite Providers– FNTG preferred vendors– Best-in-Class Solutions Providers
6
What is Certification+?• Comprehensive compliance package for title
agents, settlement agents, RE attorneys, escrow companies, notaries etc.
• Unique bundled services:• IT security assessments (including Cyber Security)• GLBA Compliance• Certification of all ALTA Best Practice 7 pillars• Employee Training
7
What is Certification+?We are a team of experienced professionals dedicated to assisting our industry partners with meeting compliance challenges. Our executive team includes:
– A former national title underwriter executive with 35+ years of industry experience
– A state insurance department regulator
– A former title agent and current settlement firm principal with 25+ years of title and settlement experience
– A CISSP (Certified Information Systems Security Professional) and IT security specialist with more than 21 years supporting the US Air Force as Chief of Computer Investigations and Operations with computer criminal, counterintelligence and counter espionage experience
– A CIPP (Certified Information Privacy Professional)
8
• Affordable to both small and large agents
• Single point-of-contact• Certification of all 7 pillars• Gramm-Leach-Bliley Act (GLBA)
Compliance– IT and Cyber Security assessments
• World-Class employee compliance training
Agent
9
10Compliance Management Platform™
CEO and founder of Real Estate Data Shield and The Gulotta Law Group, Chris has represented institutional lenders in mortgage finance transactions for over 25 years. He has developed compliance management platforms and Data Security Compliance tools for mortgage lenders, title underwriters, independent title and settlement agents, notaries and attorneys. Chris is a Certified Information Privacy Professional and sits on ALTA’s Best Practice Task Force.
Christopher J. Gulotta, Founder & CEO, Esq., CIPP
Paul Schwartz,Chief Privacy Advisor
Richard Purcell,Courseware Developer
An international expert on information privacy law, Professor Schwartz assists corporations and law firms with regulatory, policy, and governance issues. As professor of law at UC Berkeley and Director of the Berkeley Center for Law and Technology, he has published widely on privacy and data security topics.
A leading voice in consumer privacy and data protection challenges, Mr. Purcell is an award-winning developer of Web-based education and training courses. As Microsoft's original Privacy Officer, he designed and implemented one of the world's largest and most advanced privacy programs.
11
REDS 2.0REDS 2.0 Includes:
– E-Commerce Website: Our new e-commerce website allows clients to purchase our products and register employees directly through our website with ease. This new web interface allows for east setup, onboarding and management of users
– Updated Staff Training Courseware: Our award-winning courseware has been updated and includes two (2) NEW learning modules
– Policies & Procedure Templates and Security Self-Assessment Tool: Information Security policies & procedure templates and a company self-assessment tool for companies to jump-start the compliance process.
12
Additional REDS 2.0 Features:– Client “Administrator” functionality allows for easy tracking of employee progress through a 2.0 dashboard.
– The new modules include our Compliance Coach Avatar “CC”, who will guide employees through the courseware and learning process.
– The new “Preamble Module” educates employees and increases their awareness of the need to safeguard NPPI and how to help implement Cyber Security in the office. Designed to change corporate culture and staff behavior.
– The new “Summary Module” bolsters the educational content in REDS 1.0 with a deeper dive into information security and the Privacy Smart® best practices.
– REDS 1.0 and REDS 2.0 were exclusively developed for the Title and Settlement industry by, (i) Christopher Gulotta, Esq., a national recognized subject matter expert in title, settlement & Information Security Compliance with a CIPP designation; (ii) Richard Purcell, Microsoft’s First Privacy Officer; and (iii) Professor Paul Schwartz, of Berkeley Law School.
13
Compliance Management Platform• Compliance is the New Marketing
– Enhance your marketability by becoming a Cyber Secure environment– Position your company to thrive in the new regulatory and contractual
landscape and “comply to survive” with the increasing regulatory standards– Train your staff in privacy and security requirements & safeguards to better
protect your non-public personal information and escrow funds with our award-winning Data Security Awareness Courseware
– Demonstrate internal controls that comply with federal and state consumer privacy and security laws, rules, and regulations using our Information Management Compliance Manual with guidelines, procedures and policy templates
– Assess your overall compliance with an assessment of vulnerabilities to reveal gaps and pinpoint critical areas for remediation
• Compliance Management Platform™– Prepare your company for lender compliance audits and contractual scrutiny– Privacy and security law and regulations require it and regulators enforce it– Lenders will contractually mandate it in the Post-TRID environment
14
Compliance Management Platform Components
• Threats and Vulnerabilities
• Controls and Safeguards
• Information Management Governance
• Security Infrastructure – Physical and Technical
• Employee Awareness
Risk Self-Assessment
• Consumer Privacy• Employee Data
Protection• Acceptable Use of
Company Resources – Employees
• Information Security• Information
Management – Third Parties
• Security Breach Management
Policies & Procedures
• Information Management for Real Estate Settlement Services Companies (title, settlement, attorneys, notaries, escrow companies, etc.)
Staff Training 2.0
15
Admin Home
16
Online Training
17
Preamble Module
18
Summary Module
19
Admin Dashboard
20
Policies & Procedures
21
Risk Self-Assessment
22
Compliance Management Platform™• Information Drives the Digital Economy
– Advanced technologies have created efficiencies– Regulators are focusing on how transitions to digital information management require
oversight of critical financial services– Major players are turning scrutiny toward service providers to protect their interests
• Compliance As a Required Competency– Comprehensive information management programs with documented policies and
procedures– Regular risk assessment evaluation to detect and correct vulnerabilities– Company-wide awareness and training communications
• Real Estate Data Shield’s Compliance Management Platform™– Guidance and templates for a comprehensive program, fully documented– Self-assessments for adherence to regulatory and best practices standards– Award-winning web-based training supported by robust reporting
You can only manage what you can measure
23
Christopher J. Gulotta, Esq., CIPPFounder & CEO
Real Estate Data Shield, Inc. (212-951-7302
For Marketing & Sales Inquiries:
Maria MeyersDirector of Marketing & Sales
( 212-951-7302*[email protected]
24
25
Who is Pershing Yoakley & Associates, P.C.?
26
pyabestpractices.com
Complimentary tools for Fidelity agents• Gap Analysis: evaluation of policies and procedures• Readiness Tool: Short questionnaire by pillar to
gauge compliance
Tools for Agents
27
Menu of Engagement TypesAs a public accounting
firm, PYA can work along with SCA and
REDS to provide higher levels of assurance such as SOC 2 or examinations, if
necessary.
28
29
Matthew FroningChief Information Officer
Security Compliance Associates, Inc.*[email protected]
(727) 571-1141
http://www.scasecurity.com
Security Compliance Associates, LLC © 2016
30
SCA Background• Founded in 2000• Tampa’s 30th Fastest Growing Co - 2013• Over 3,000 Assessment Assignments Completed• Three Verticals – Coast to Coast
– Title & Settlement – Financial Institutions (Credit Unions, Banks, Investment Firms– Healthcare
• 35% Growth Since 2009• 20 Team Members and Growing• ALTA Elite Provider
31
Engineer Certifications• CISSP – Certified Information Systems Security Professional• CISA – Certified Information Systems Auditor• ISSMP – Information Systems Security Management
Professional• ISSAP – Information Systems Security Architecture
Professional• CEH – Certified Ethical Hacker• CPT – Certified Penetration Tester
32
Our Services • External & Internal Vulnerability Assessment
• External & Internal Vulnerability Scans• ALTA Best Practices Pillar 3 Certification – Protection of NPPI
• GLBA Gap Analysis• Cybersecurity Gap Analysis
33
Our Services • IT Risk Assessments• InfoSec Controls Review• Social Engineering • Physical Security Review• Network Architecture Review• DoS Assessment
34
SCA Reports
35
SCA Reports
36
FNTG Agent Benefits• Legal Compliance as a Financial
Institution• Uncover vulnerabilities• Become Cyber Secure• Mitigate risks• Access to IT Security expertise• We help agents sleep at night
37
FAQ’s• What is the difference between a
certification, an examination, a SOC 1, or a SOC 2?
• What is the cost?• My agents’ lenders have not requested a
third-party certification yet so why do I need Certification+?
38
FAQ’s• What if my lender requests a higher level
of certification after I have completed a Certification+ engagement?
• How do agents initiate the process?• How do all three companies coordinate
the engagement behind the scenes?
39
FAQ’s• Where can I send agents for additional
information?• What is involved in a GLBA assessment?• What are common IT security
remediation items, and how does SCA assist?
