Information Usage
The information being collected by us only to effect, administer, service or enforce the service being provided to your financial institution, as described above. We agree to apply reasonable and customary business practices to protect and secure the information you submit on IDoHaveInsurance.com and to limit access and usage of such information to the parties necessary to provide the services described above. Such parties may include, but are not limited to, your financial institution and your insurance company/agent.

If you are an agent you agree that you are accessing this site with the permission of your insured and have the authority to pass your insured’s insurance information to us as well as have your insured’s permission to use certain identifying information such as but not limited to borrower name, loan number and insurance verification reference number.

This Institution, its affiliates, and our Licensors are the sole and exclusive owners of these computer systems, associated networks, and data. Those who unlawfully use or gain access to all or portions of the same without authority will be prosecuted.

Security Practices
We take Information Security very seriously. This document is meant to give our business customers an overview of the practices that we follow in order to protect both our computer systems and the data that has been entrusted to us.

System Access Policy
Access to our online services and business functions is secured by a combination of borrower name, loan number and insurance verification reference number. However, our security rule for bank and credit union employees (who do business on behalf of the bank and credit union) are different than the rules for bank and credit union borrowers (who do business only on behalf of themselves). The initial password for bank and credit union employees must be changed the first time that the account is used. We also require these passwords to be changed every 90 days thereafter. While it is true that many Internet sites do not force their customers to change passwords at all, please remember that these are frequently retail sites. For these types of sites, if your password to these sites is compromised, you are usually the only person affected. On the other hand, credit union employees are doing business on behalf of the credit union, and have access to much more data than just their own. If their passwords are compromised it could have disastrous effect on the data of many members of that credit union. A forced password change every 90 days will decrease the risk of this happening. Credit Union members having accounts with us may choose their own password, and although we recommend that they change it periodically, we never "force" them to do so.

Data Encryption
We support 128-bit SSL (Secure Socket Layer) data encryption for our online business services that require data transmission. We believe that this provides powerful data security.

Internet Service Provider Connectivity and Reliability
Our web activity is routed through a local Internet Service Provider (ISP). This ISP’s Network Operating Center features multiple high-bandwidth Internet connections and redundant power protection. We believe that this provides us robust and reliable Web capability. The Network Operating Center is a controlled environment featuring physical and electronic security measures that include hand-scanning devices, digital video surveillance, multiple firewalls, and electronic intrusion detection technology. Its team of security specialists understand our critical business need to be able to offer 24 x 7 Web capability to our customers.

Computer Viruses and Malicious Software
We attempt to ensure that all files coming in to the network are scanned for viruses and other malicious software. It is our custom to deploy anti-virus software on our mail, web, and application servers as well as on all desktops. Our regular procedures call for regular updating of Virus "signature" files. In addition, emergency procedures designed to contain any virus outbreaks are in place.

Intrusion Detection Capabilities and Firewalls
Intrusion Detection systems are in place through which we attempt to monitor all network traffic both to and from the Internet. These systems are designed to note and intercept or block suspicious activities as deemed appropriate. In addition, our networks are also protected by firewalls which further serve to filter and block suspicious traffic that is detected.

Incident Response
We have established a process for evaluating and responding to potential security incidents. A core team from our Legal, Compliance, Security and Audit areas are available in the event an incident involving our electronic systems is detected. This team is charged with:
• Evaluating the incident
• Determining the appropriate mitigation strategy
• Determining the appropriate notifications to be made which may include law enforcement officials, credit union customers and other third parties.

Data Backup
Our policies require that all production data be backed up on a regularly scheduled basis. The backups are done centrally. The data backup process is automated and monitored for any error situations. Our procedures call for each backup to be copied and stored off-site in a protected, climate controlled environment. Independent Security Assessments Our site employs the services of various external consulting and auditing firms to test our defenses and report on any vulnerability detected. In addition, our online data security procedures have been certified by the Cybertrust - an internationally recognized security consulting organization. This certification means that Cybertrust has tested us for vulnerabilities, and has determined that meets Cybertrust's standards for protection of systems and customer data. Cybertrust’s certification requires a series of evaluations and recommendations on overall network architecture, connectivity, physical security, redundancy and disaster recovery capabilities, environmental controls, system configurations, and operational policy compliance. Once the site is officially certified, Cybertrust security analysts work with us to regularly monitor adherence to their practices and standards. We are proud of our Cybertrust certification, and certification is not a function of simply letting Cybertrust technicians attempt to break into our systems. A team from ’s Information Security, Technical Services, and Electronic Commerce areas worked with the Cybertrust consultants, and regularly works with them, to identify potential data security threats, and to take what we believe to be appropriate actions to minimize or eliminate these threats. We take these measures to attempt to assure that the sensitive financial data we receive from our credit union customers and others is handled according to appropriate data security practices.

Additional Information
From time to time our customers, business partners, and other interested parties ask for more detailed information about our information security infrastructure, including specific questions about the types of firewalls we use, how they are configured, operating systems on our servers, and details on our Intrusion Detection and Response procedures. However, we do not believe that it is in the best interest of our customers and others with whom we do business to divulge this type of detail about our computer systems and defenses, nor the details of our audits or security reviews. If this type of information were to get into the wrong hands, it could potentially be used against us. The first step in any hacker attack is to determine what types of defenses are in place at the targeted site. Armed with this knowledge, the potential hacker has one less step to go through in order to breach any defenses in place.