Matt Gunn, Managing Editor | TechComply
A financial institution succeeds or fails largely on its reputation. As such, it’s critical to protect against the types of risks that can do any damage to the way customers, members, regulators and stakeholders perceive the institution.
Effective incident response is one way to help protect that reputation. But it takes policy and practice to ensure that your bank or credit union is prepared when an incident, intrusion or other event affects it. Safe Systems’ VP of compliance Tom Hinkel hosted a webcast Thursday afternoon on conducting incident response tests and understanding the regulation relevant to financial institutions.
Of course, policy goes a long way toward getting it right. Here are some notes from Hinkel’s presentation on key elements of an effective incident response policy:
- A policy should define the terms: Event vs. Incident vs. Intrusion
- A policy should address who is empowered to declare an incident to be an intrusion, and what group will manage the response
- A policy should define incident severity level, and prescribe specific actions for: Containment, Notifications and Follow-up
We’ll have more on the presentation available soon. Of course, for more in-depth analysis on compliance, visit Hinkel’s personal blog, ComplianceGuru.com.