At a recent Ongoing Operations Client Advisory board meeting several of our Credit Union CTO/CIO’s mentioned the challenges they were having maintaining and meeting NCUA compliance. One $500m Credit Union mentioned that despite a large Technology team, they were spending80% of their R&D resources meeting NCUA Information Technology Security requirements. Between patching, anti-virus, firewalls, inventories etc. the 500 questions in the NCUA Aries checklist and the constant regulatory oversight was stealing all of the resources they have to improve business operations through technology at the Credit Union.
Since OGO already had all of the tools, as we are PCI and SSAE-16 compliant, we made four major changes:
1. Extend OGO Enterprise tools to support a hybrid and hosted model (things like Solarwinds or CISCO Iron Port)
2. Map all of the NCUA AIRES questions to Supporting Documentation to prove compliance
3. Map all of the NCUA ARIES questions to Supporting Policy to prove compliance
4. Providing a Question, Policy and Report aggregation tool (SharePoint) so that the CU can add its own proof and policy for things OGO doesn’t provide.
When we put all of this together we launched CU-Control to give Credit Union Management and Technology Professionals a purpose built Credit Union Information Technology Security Compliance tool. As a CUSO, OGO understands the Credit Union’s compliance needs and builds solutions directly into the platform.