IT Risk Assessment & Controls Audit

Credit unions are required to comply with guidelines set forth by NCUA, GLBA, FFIEC, and other state-specific regulating bodies and private insurers. Our team of experts applies a National Institute of Standards and Technology assessment framework to credit unions like yours to comprehensively evaluate your risk environment for items that could lead to service interruption or the unwanted dissemination of sensitive member information.

We utilize a range of risk management tools and provide services for credit unions small and large by customizing an approach to the specific needs of each institution. We work with smaller credit unions to perform an accelerated risk assessment while we perform a broader mix of services for larger credit unions relative to their risk tolerance and exposure.

Since completing an IT Risk Assessment & Controls Audit is only the first step in managing a credit union’s IT risk and state of compliance, we offer AutoPilot Managed IT Compliance on a fixed-fee subscription basis to ensure the credit union is maintaining requirements long-term. Between our services in IT Security & Risk Assessment and AutoPilot Managed IT Compliance, enCompass offers the most comprehensive solution for evaluating and continuously managing credit union risk and compliance. 

Our Approach

Our team of experts applies a custom blend of services to assess the credit union’s risk environment:

People – After identifying key staff, we complete a questionnaire and interview process that uncovers key processes, controls, policies and procedures that govern how technology is managed within the credit union. This component can include physical security and social engineering aspects depending on the credit union’s risk tolerance, exposure, and perceived risks. People are the most critical ingredient in managing risk.

Technology – Our team of IT engineers reviews documentation and then performs analysis and tests on the network and infrastructure, including internal and external vulnerability scanning, firewall and logging review, server and PC review, data flow analysis, network penetration testing, and more to uncover potential threats.

Threat Analysis – Combining the People and Technology aspects of the assessment, threats are inventoried and prioritized.

Action Plan – An action plan is created using the prioritized threat inventory. An executive summary is provided for the Board of Directors and other executive staff.