McBride Financial Services: Online Loan Application/Application Service Provider Policy
The purpose of this document is to provide a framework that the Information Security Team can use to identify the components needed for the company’s Online Application Services and Application Service Providers, particularly in the operations of the loan department and the filing of online loan applications.
This policy covers the application of Online Loan Applications (OLA) and the related requirements of McBride Financial Services’ loan department.
Authorized employees of McBride Financial Services and authorized third parties such as customers, vendors, etc., are allowed access to the operations and application of the OLA, respectively. The application is designed according to the parameters identified for loan processing, such as closing, pre-approval, adjustments and lock-in policies, in addition to other relevant policies included in the application and approval procedures.
3.1 Requirements of Project Sponsoring Organization
3.1.1 The requirements of the OLA should be clearly established as a means to adopt the OLA model before any design of the system architecture is initiated. The McBride Financial Services loan division should determine its requirements in terms of the usability and the identified functions of the OLA infrastructure.
3.1.2 To ensure convenient accessibility, the system will be integrated with a pre-existing system infrastructure, with the OLA as part of the Internet/Intranet/Extranet-related systems. Hence, the system contains an infrastructure of accessibility for information on McBride Financial Services’ products and services, with the actual operations limited and defined by security frameworks. Layers of security are therefore a basis of the design around the functionality required by the OLA.
3.2 Accessibility Issues
3.2.1 Accessibility Among McBride Financial Services Employees
The OLA and its corresponding Application Service Provider (ASP) will be accessible to McBride Financial Services employees, particularly those from the loan department. Remote access can be created and other accessibility features can be provided to other management figures depending on the degree of their roles in the loan department. These roles are defined by the procedural functions involved in the loan systems, as follows: pre-approval, approval, adjustments and lock-ins.
· It is the responsibility of employees with access to the system to protect their respective passwords and other access credentials.
· In order to ensure the security of the system, a hierarchy of access can be established. The hierarchy of access determines the amount or degree of control a user may exercise in the system. Hence, their operational assignments with respect to the system also depend on their degree of authorization.
· All computers connected to the system will have points of access to the OLA infrastructure through a portal. Accessibility is based on the assigned level of authorization.
3.2.2 Accessibility and Security of Third Party Users
Third party users can easily access the loan department for information purposes. However, security layers are imposed at transaction points. The initial transaction point filters for the five states serviced by McBride Financial Services, which are: Idaho, Montana, Wyoming, North Dakota, South Dakota.
The required fields that the user will see in the interface are the main requirements for taking the transaction from one level to the next, or for setting up a new transaction or application. Usability of the interface is a very important feature of these transaction facilities. McBride Financial Services understands the data privacy and security concerns of those who access the site. For the transaction pages and facility of the loan department, McBride Financial Services collects the users’ personal information and other relevant financial and credit details. This data is then encrypted as it is transferred over the Internet; the company uses the industry standard encryption, Secure Sockets Layer (SSL).
4.0 Enforcement
The design of this OLA should comply with the requirements of the loan department according to their required functionality, accessibility and security. Violations of the security design will lead to investigation and action.
OLA / Online Loan Applications: The means for users or customers of the company to make transactions for their loan concerns.
ASP / Application Service Provider: The party providing this functionality.