This document is to describe the Information Security requirements of Online Application Services and Application Service Providers that engage in business with McBride Financial Services. This policy applies to any use of Online Loan Applications (OLA) and any outsourcing to Application Service Providers (ASP) by McBride Financial Services, independent of where hosted.
The Online Loan Application or Application Service Provider's Sponsor must first establish that its project is an appropriate one for the OLA/ASP model, prior to engaging in any additional infrastructure teams within McBride Financial Services or any external Application Service Providers. The department wanting to use an Online Loan Application or any Application Service Providers service must confirm that the Application Service Providers chosen to host the loan applications of McBride Financial Services complies with this ...view middle of the document...
Information that falls under the Most Sensitive category may not be outsourced to an ASP.
If the ASP provides confidential information to McBride Financial Services, the ASP sponsor is responsible for ensuring that any obligations of confidentiality are satisfied. This includes information contained in the ASP's application. McBride Financials legal services should be contacted for further guidance if questions about third-party data arise. Projects that do not meet these criteria may not be deployed to any Application Service Provider.
The Information Security Department has to created this document, to make clear the minimum security requirements for Online Loan Applications. All Online Loan Application and Application Service Provider requests must demonstrate compliance with these Standards in order to be considered for use.
The ASP engagement process includes an Information Security evaluation of security requirements. This policy can be provided to ASPs that are either being considered for use by McBride Financial Services, or have already been selected for use.
The Information Security Department may request that additional security measures be implemented in addition to the measures stated in this document, depending on the nature of the project. The Information Security Department may change the requirements over time, and all ASP's involved are expected to comply with these changes.
Application Service Providers that do not meet these requirements may not be used for any McBride Financial Services projects.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Application Service Providers found to have violated this policy may be subject to financial penalties, up to and including termination of contract.
Application Service Provider (ASP) - ASPs combine hosted software, hardware and networking technologies to offer a service-based application, as opposed to a McBride Financial Services - owned and operated application.