CUNA Mutual Group takes information security very seriously. This page is meant to give an overview of the practices that we follow in order to protect our computer systems and the data that has been entrusted to us.
Access Control
Management has established a security policy, which has been communicated to all employees. The policy covers the following general concepts:
- Protection of assets within the organization's custody by safeguarding the confidentiality, integrity and availability of data.
- Management will fulfill its responsibilities by designing and implementing business practices based upon corporate standards to protect against unauthorized access, use, disclosure or destruction of corporate information and technology.
- All employees and independent contractors working on CUNA Mutual's behalf are responsible for conducting day-to-day accountabilities in a manner that is consistent with this policy.
Access to CUNA Mutual's online services and business functions is secured by a unique user ID and password. These passwords must be changed regularly and must adhere to restrictive parameters to decrease the risk of unauthorized access to data and business applications. A limited number of individuals have the authority to maintain these parameters and set up new user accounts.
Physical Security
All computer hardware and storage media are located in an environmentally controlled, limited access facility. Individual access is subject to management approval based on the individual's job responsibilities. A key card system is in use that requires the use of a key card to gain access to the building, and both a key card and a PIN to access the computer room. All key cards contain pictures of the key card user. Regular audits are conducted to validate user access. These logs are reviewed periodically by Computer Operations management. CUNA Mutual monitors all facilities through digital video surveillance.
Data Encryption
CUNA Mutual can support multiple mechanisms for encryption. Systems accepting data over the Internet are placed in the application hosting environment, separated from the Internet and the corporate network. CUNA Mutual utilizes industry standard encryption in all areas of transmission of data and credentials to ensure confidentiality of information.
Malicious Content Management
We attempt to ensure that all files coming into the CUNA Mutual network are scanned for viruses and other malicious software. Anti-virus software has been deployed on our mail, application and database servers, as well as on all desktops. Live update features are utilized to ensure virus "signatures" remain current, or can be deployed in real time as signatures become available during a crisis. In addition, incident response procedures have been developed to contain any virus outbreaks should they arise.
Intrusion Detection Capabilities and Firewalls
Intrusion Detection systems are in place to monitor all network traffic both to and from the Internet. These systems are designed to alert and intercept or block suspicious activities as deemed appropriate. In addition, our networks are also protected by firewalls which further serve to filter and block suspicious traffic that is detected.
Data Backup and Recovery
Our procedures require that all production data be backed up on a regularly scheduled basis. Our procedures call for each backup to be copied and stored off-site in a protected, climate controlled environment. Annual recovery tests are conducted to support validation of recovery processes and timely recovery of critical business functions.
Incident Response
CUNA Mutual has established a process for evaluating and responding to security events and potential incidents. A core team from our Legal, Compliance, Security and Risk Management areas is available in the event an incident involving our electronic systems is detected. This team is charged with:
- Evaluating the incident
- Determining the appropriate mitigation strategy
- Determining the appropriate notifications to be made which may include law enforcement officials, customers and other third parties.
Independent Security Assessments
CUNA Mutual employs the services of various external consulting and auditing firms to test our defenses and report on any vulnerability detected. In addition, CUNA Mutual Group has passed the X-Force™ security certification requirements defined by IBM Internet Security Systems (ISS). In order to become qualified for the ISS X-Force Security Program, CUNA Mutual's security controls and practices must meet or exceed ISS' best practices security criteria, based upon the ISO 17799 standard. ISS performs the following tests to evaluate and verify that best practices are in place:
- Security Architecture Review
- External Vulnerability Assessment
- Internal Vulnerability Assessment
- Security Controls and Mechanisms Review
- Information Security Policy and Procedure Analysis
- War Dialing
- Wireless Assessment
Our enterprise certification has been in place since 2001. This certification requires at least quarterly external vulnerability and penetration assessments, annual internal vulnerability and penetration assessment (Internal LAN and Wireless), annual desktop risk assessment, quarterly war dial assessment, and annual security governance review.
We are proud of our ISS certification, and certification is not a function of simply letting ISS technicians attempt to break into our systems. Our team works closely with the ISS security analysts to identify potential security threats, and then take the appropriate actions in order to minimize the perceived risks. In addition, our specialists and the ISS consultants strive to ensure that proper procedures are in place to keep our site protected from these perceived threats.