LAW
Writer®
Ohio Laws and Rules
(A) EDP examinations.
(1) Credit unions utilizing computers shall adopt as a minimum, the following policies:
(a) An EDP policy which shall provide for operating procedures, practices and purchases of computer equipment. These policies and procedures shall serve as an overall plan and analysis of how the system benefits the credit union.
(b) A security policy which shall provide for the physical security of the hardware, software and the data base. This policy should include everything from locking doors to use of and safeguarding of passwords.
(c) A backup and recovery policy which shall provide for backup of transactions daily and the system weekly, maintaining three generations of backup and one off site and limiting access to backup.
(d) A contingency/disaster recovery policy and plan which shall provide for procedures for interruption of computer operations and tests for ability to recover both hardware and software.
(2) Credit unions utilizing a servicer shall have a contract which provides for ownership of the data base, minimum notice for cancelling the contract, and a plan for obtaining a copy of the EDP and regular audit of the servicer periodically, a copy of the backup and recovery plan, and a disaster plan to ensure solvency and continued service. The contract shall also, provide the superintendent or his representatives with complete access to any books and records of the service, as deemed necessary by the superintendent in carrying out his responsibilities.
(B) Supervision-roster of officials.
(1) A credit union shall provide to the superintendent annually, within ten days after it holds its annual meeting and reorganizational meeting, a roster of directors, officers and senior management personnel.
(2) Within ten days after the board of directors appoints a director to fill a vacancy, elects a new officer or officers, appoints or approves a senior management employee, the credit union shall notify the superintendent in writing of the change.
(3) Credit unions operating under a supervisory agreement or letter of understanding and agreement, shall notify the superintendent in writing, by certified mail, at least fifteen days prior to the date any change in the position of director, officer, committee member or any senior management personnel takes place. The notice shall include the position that the person will be assuming and a detailed resume. An individual shall not assume a position and related duties until after the superintendent has approved such change in writing.
R.C. 119.032 review dates: 03/17/2006 and 11/15/2010
Promulgated Under: 119.03
Statutory Authority: 1733.41
Rule Amplifies: 1733.32
Prior Effective Dates: 8/3/93