WEBSITE SAFEGUARD POLICY
New Dwelling Developments Inc DBA New Dwelling Mortgage
In an effort to protect consumers' private information and to comply with the Federal Trade Commission’s Safeguard Rule, the following policy and procedures are implemented and adopted. The company has access to consumers' personal information that must be protected. The Company considers identity theft as the main risk to consumers when they supply confidential information to us via our website. The following plan shall ensure that the information obtained is secure, properly utilized and properly disposed of.
Violations of this or any other company policy will result in disciplinary action up to and including termination of employment.
Frank V. Collo, President, is the designated officer/employee of the company who will be responsible for the implementation and ongoing monitoring of the plan. He will monitor the websites of our software vendors and read relevant industry publications for news about emerging threats and available defenses, and will promptly pass along information and instructions to employees regarding any new security risks or possible breaches.
This plan will be reviewed annually to evaluate and adjust the program in light of relevant circumstances, including changes in the company’s business or operations or the results of security testing and monitoring, and to identify and assess additional risks to consumer data and information systems. Documentation of each annual review will be maintained by the company for a period of at least 3 years.
The Company’s website www.NewDwellingMortgage.com will be controlled and serviced from 900 South Ave Suite 42-43, Staten Island, NY 10314. Consumer information is obtained directly from the consumer at the company’s website. This information will include the full name, phone number, email address, social security number, banking information, credit information, all the necessary items to complete a mortgage application and the property address that the consumer is interested in receiving information about. Employee access to this information will be limited to those who need this information to perform their duties.
Because of the nature of the information collected from the consumer through the website, we recognize that there is a risk of the consumer’s information being stolen. In order to protect against identity theft, all of the data that customers provide will be transmitted securely to our server, where we implement industry standard best practices in securing consumer data, such as using SHA-256 encryption. The system that we will be using is through RackSpace.com and is SOC2 Type II certified. The provider maintains a SOC2 Type II compliance level, which includes management of software updates. RackSpace.com implements security software patch updates on their platform as quickly as possible after notification of availability is received. SOC2 Compliance ensures their systems are maintained at appropriate patch/system version levels through timely application of system updates.
The Company will exercise appropriate due diligence in selecting service providers and ensure service providers have implemented adequate security controls to safeguard customer information.
Protection of Information
Prior to engaging any vendor, and at least annually, Frank V. Collo, President, will review the security measures each vendor has in place to prevent unwarranted intrusion by outside parties and verify that their Safeguard Policy complies with the Federal Trade Commission’s Safeguards Rule. If they don't have a compliant Safeguards policy, he will insist that they establish one before we do business with them.
Verify that any approved vendor has adopted policies and practices designed to:
Ensure that its security controls, procedures and policies are examined, measured and validated by Cybertrust, or another industry recognized group.
Ensure the security and confidentiality of business and consumer information; protect against any anticipated threats or hazards to the security or integrity of business and consumer information; and protect against unauthorized access to or use of business and consumer information that could result in substantial harm or inconvenience to any client or consumer.
Such measures include access controls on computer systems which require users to log in with a unique user identification and strong passwords, "firewall" technology, access restrictions at physical locations where business or consumer information is maintained, encryption of information transmitted and stored electronically, employee screening, and monitoring of security measures, both internally and in connection with information shared with third parties.
Penetration testing will be performed at least annually and anytime there is a significant infrastructure or application upgrade or modification.
At all times the company shall maintain antivirus software on any computer that is used to access or store consumer information.
If, at any time, an employee or affiliate suspects that there has been a breach concerning any consumers' private information, the employee shall immediately report same to the president of the company who will determine the appropriate measures and reporting requirements of any breach.
Upon hire, each new employee shall meet with the president of the company to review this policy. In addition, each new hire shall be given a copy of FTC Facts for Business: Complying with the Safeguards Rule (https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying). In addition, all new hires are subject to background checks. References will be checked. All employees must affirm that they subscribe to the company's confidentiality standards.
At least annually, the president shall require a mandatory training session for all employees to review the safeguards policy and discuss the appropriate procedures.