orange angles graphic
VYFI Industry-Leading Information Security CUSO logo
grey angles graphic

Get to know CEO Alan Ropes

VyFi CEO Alan Ropes and host Mark Ritter discuss security, compliance and lots more...

Compliance Made Easy

VYFI, LLC is a Credit Union Service Organization (CUSO) and was formed as a result of a purchase by Launch Credit Union of the credit union business unit of Security Compliance Associates, which has served the credit union industry since 2005. We currently support over 170 credit unions ranging in asset size from $50 million to over $18 billion in asset size. VYFI is positioned to provide your institution with cost-effective services, support and expertise to better safeguard your member information.

VYFI has conducted over 1,000 credit union information security assignments. VYFI’s services include internal and external vulnerability assessments and penetration testing, risk assessments, policy review and development, IT security controls reviews, business continuity program review and development, social engineering assessments, training, and facility reviews all focused on Credit Unions. Additional enhanced services include online banking assessments, mobile banking assessments, web application testing, PCI assessments and many other information security services.

Utilizing our expertise and guidance, VYFI strives to assist your organization in reaching and maintaining compliance with respect to “Safeguarding Personally Identifiable Information”, per the Gramm-Leach-Bliley Act, 12 CFR Part 748 Appendix A and B, 12 CFR Part 749, as well as FDIC, FFIEC and related interagency guidelines.

How can we assist you?

Security Compliance Governance

Security

Identifying and evaluating risks and vulnerabilities are critical steps in establishing an effective information security program. Our skilled and experienced security analysts can help your organization identify and evaluate risks, determine effective strategies for reducing and eliminating risks and managing those risks that cannot be eradicated.

  • Vulnerability Assessment – Vulnerability Assessments assess the security posture of your external and internal network and systems.
  • Penetration Testing – Penetration testing is a form of security testing where VYFI emulates real-world attacks to identify methods or pathways to evade the security features of a network, system or application.
  • Information Security Risk Assessment – This theme can be found in regulatory requirements spanning financial services, healthcare, government and other industries who handle sensitive information. Risk assessments and supporting documentation are extremely important for maintaining full compliance with regulatory requirements.
  • Application Assessments – Application Security Assessments evaluate the security of critical, internal, external, web and mobile applications by identifying potential vulnerabilities through a series of automated and manual checks. Our analysts will attempt to exploit potential vulnerabilities and test security aspects related to functionality, usability, interface, and compatibility.
  • Controls Assessments – The Center for Internet Security (CIS) Critical Security Controls is a collection of best practices that organizations should take to defend against or mitigate known cyber threats.
  • Physical Security Assessments – A Physical Security Review is an evaluation of the measures taken to provide for the physical security of your organization’s information systems as well as client information and vital records maintained on other media.

Compliance

Credit Unions face a growing amount of strict Federal and State regulations and industry-specific mandates for information security compliance.  Our skilled and experienced compliance analysts will help your organization navigate and maintain compliance with these laws and guidelines.  In fact, we guarantee that your organization will be in compliance when our recommendations are followed!

  • Gramm-Leach-Bliley Act (GLBA) Gap Analysis – Our process reviews your entire enterprise from a “safeguarding customer and member information” point of view in order to evaluate compliance, as well as provide an informed opinion. Our GLBA Gap Analysis provides a baseline for your current state of practice and it will be measured against industry standards, regulatory GLBA compliance, and VYFI best practices.
  • Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment – Our information security analysts will verify and validate the integrity of your cybersecurity posture with a unique process that covers all five cybersecurity domains keeping your target cybersecurity maturity level in mind. Our Cybersecurity Assessment will deliver a completed FFIEC or NCUA assessment tool, help your financial institution prepare for regulatory cybersecurity scrutiny and enhance your cybersecurity posture.
  • Website Compliance / ADA Review – The Website Compliance Review will assess the compliance of your organization’s home page and all internally linked web pages. To help meet the requirements of the Americans with Disabilities Act (ADA) and other web development consortiums, we also evaluate webpage accessibility, access to content, audio and video text equivalents and alternatives provided for people with disabilities that are unable to use computers to access online services.

Governance

Credit Unions are expected to have elements of corporate governance in place. This is not only a requirement measured by the examiners but also by your Board of Directors. VYFI can provide your organization with proven methodologies and customized solutions for your Information Security Program, Business Continuity Management, and Incident Response. Our security and compliance experts collaborate on providing proven solutions that meet regulatory and Board requirement.

  • Information Security Policy Program – The Information Security Policy Program is offered in three tiers:
    1. Review of your current Information Security Policy, Procedures, and Employee Use Guidelines against regulatory requirements, industry standards, and VYFI best practices.
    2. Develop Information Security Policy, Procedures and Employee Use Guidelines that meet regulatory requirements, industry standards, VYFI best practices and are specific to your organization.
    3. Maintain your Information Security Policy, Procedures and Employee Use Guidelines to keep pace with legal and regulatory changes as well as changes to your systems, environment, and staff.
  • FedLine Resiliency Assurance Program Assessment – The FedLine Security and Resiliency Assurance Assessment is intended as a review of the controls that are required to implement the solution in a secure manner.
  • Incident Response Program – Our Incident Response Program is offered in three tiers:
    1. Review of your current incident response plan and procedures against regulatory requirements, industry standards, and VYFI best practices.
    2. Develop an Incident Response Plan and Tactical Procedures that meet regulatory requirements, industry standards, VYFI best practices and are specific to your organization. 
    3. Maintain, Test, and Document your Incident Response Policy and Tactical Procedures to keep pace with changes. On a frequency determined by you, we will also lead your incident response team through tabletop exercises so that all team members are familiar with their roles and responsibilities while responding to an incident.
  • Business Continuity Management (BCP/DR) – Our Business Continuity Management Program is developed utilizing three specific areas of focus:
    1. Assessment of your current disaster recovery and business continuity plan against regulatory requirements, industry standards, and VYFI best practices.
    2. Develop a Disaster Recovery and Business Continuity Plan that meets regulatory requirements, industry standards, VYFI best practices and are specific to your organization.
    3. Maintain, Test, and Document your Disaster Recovery and Business Continuity Plan to keep pace with changes as well as changes to your systems, environment, and staff. On a frequency determined by you, we will also lead your disaster recovery and business continuity team through tabletop exercises so that all team members are familiar with their roles and responsibilities after a natural or man-made disaster.

Contact Us to See How We Can Help Protect Your Members and Your Institution.