NCUA Information Security Requirements Rules

The National Credit Union Administration (NCUA) is an independent federal agency that charters and supervises federal credit unions, insuring the savings of over 80 million account holders in federal and most state-chartered credit unions across the country through the National Credit Union Share Insurance Fund (NCUSIF), a federal fund that is backed by the credit and “good faith” of the United States government.

The NCUA requires that each federally insured credit union have a written member information security program that, at a minimum, ensures the security and confidentiality of member records and information; protects against any anticipated threats or hazards to the security or integrity of such records; and protects against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any member.

Further, it requires that each credit union assess the level of risk related to its business by:

1) Identifying reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse or destruction of member information or member information systems;

2) Determining the likelihood and potential damage of such threats, based on the sensitivity of member information;

3) Assessing whether the policies, procedures and information systems in place are sufficient to control these risks.

Finally, the NCUA requires that each credit union “manage and control risk” based on the realities of the business (size, complexity, etc.), and it recommends security measures that are appropriate to the credit union's environment, including access controls and user authentication; access restrictions at physical locations containing member information; encryption of electronic member information; procedures to ensure security program consistency; ongoing monitoring to detect and prevent intrusions or attacks; and regular testing of key controls, systems and procedures relating to the information security program.

Compliance with these security standards is critical to the ongoing business operations of federal and state-chartered credit unions. Failure to comply may result not only in regulatory sanctions and fines, but also in direct business loss as a result of lawsuits, damage to an organization’s reputation and degradation of the public’s trust.

ISGRM Group offers a full suite of Professional Services and experts to assist your credit union in efficiently and cost-effectively implementing the NCUA guidelines identified above and complying with NCUA requirements.


For further information on NCUA Compliance Requirements, please contact one of our sales representatives by calling (954) 800-0397 or by completing our Online Inquiry Form.

Contact ISGRM

We look forward to partnering with clients, new and existing, on their information security needs. Please don't hesitate to contact us if you have questions or wish to speak with us regarding one or more of our services.


550 North Reo St.,
Tampa, FL 33609, USA

(954) 800-0397

Email: sales@isgrm.com