Information Assurance Policies Developed Within The Title...

Introduction How are information assurance policies developed within the title insurance industry? While each organization can choose to follow its own path, there is an established set of best practices available. These best practices are available from the American Land Title Association, and they address most of the issues that are related to information assurance in the industry, but do these practices completely cover all of the necessary areas of information assurance or are there weaknesses that need to be overcome? How can these best practices be improved and how would the improvements alter the daily function of the industry? Are there any barriers in place that may cause difficulty in implementing new procedures? All of these†¦show more content†¦Ã¢â‚¬ ¢ Adopt and maintain written procedures related to title policy production, delivery, reporting, and premium remittance. †¢ Maintain appropriate professional liability insurance and fidelity coverage. †¢ Adopt and maintain written procedures for resolving consumer complaints. While all of these best practices have a minor role in the information assurance policy development process, the practice for adopting and maintaining a written policy and information security program to protect Non-public Personal Information as required by local, state, and federal laws is the main focus in this regard. ALTA’s stated purpose of this practice is: Federal and state laws (including the Gramm-Leach-Bliley Act) require title companies to develop a written information security program that describes the procedures they employ to protect Non-public Personal Information. The program must be appropriate to the Company’s size and complexity, the nature and scope of the Company’s activities, and the sensitivity of the customer information the Company handles. A Company evaluates and adjusts its program in light of relevant circumstances, including changes in the Company’s business or operations, or the results of security testing and monitoring. There are eight procedures that must be performed to meet the requirements