Security

We make the privacy value chain — CRM_A links YOU links YOUR CUSTOMERS — top priority across all policies, practices and procedures for electronic and physical information protection.

Not just our business, our way of life

Your financial institution demands the highest, most advanced privacy environment possible. Our business commands the pre-eminent fusion of expertise, technology, and priority to make that happen, and then some. We review all three elements continually to ensure that we deliver the highest quality and most secure total solution in the industry. What does this mean?

  • We continually train all of our employees (C-level to entry level) to guard the confidentiality of your information.
  • We invest in our technology infrastructure to remain two steps ahead of the most stringent (and evolving) privacy demands in the industry.

Not just armor, your time and money

Our in-house experts and support staff are on point to guarantee best-in-market security and quality control, including with electronic correspondence. Above-standard security protocols enable our people to interface with yours, on-premise and remotely. The result is threefold:

  • Anytime, anywhere productivity
  • Right-sized travel, lodging and on-premise billing expenses
  • Lower cost engagement for best total-value

Policies and Procedures

Procedures for Protecting Client Information

CRM_A considers the privacy of our clients, and of their customers, extremely important. Even though we are an external vendor to your institution, we consider CRM_A to be aligned with your interests. Our company has taken great strides to put safeguards in place regarding the security of any electronic or physical information obtained from our clients. The technologies and processes used to protect information are reviewed frequently, and improved as needed. We implement full-disk encryption on all laptops. Information is only available to authorized employees, who are trained to respect and guard the confidentiality of this information. They are held accountable for adhering to established standards, procedures and laws.

The following outlines the technologies and procedures that CRM_A utilizes to maintain appropriate privacy of information.

Electronic Data Procedures

We are committed to maintaining the confidentiality, integrity and overall security of our clients' non-public, personal information. We have implemented appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect or handle to prevent unauthorized access, to maintain data security and to facilitate the proper use of information. Our technological controls employ multi-layered or defense-in-depth security including but not limited to hardware and software firewalls, web filtering proxies, enterprise class anti-virus software, host-based intrusion prevention and anomaly detection software, operating system hardening using industry consensus best practices and data encryption. Following the principle of least privilege, all information is assigned specific access rights restricting users from accessing data that is not essential to their production. All servers are physically stored in a locked "swipe key" environment with 24-7 monitoring. Any data temporarily stored on company laptops or removable media is protected by whole disk encryption.

All CRM_A associates sign and are bound by our Employee Statement of Privacy and Confidentiality agreement and our Computer Acceptable Use Policy. CRMA, LLC implements an extensive array of procedures to ensure the safety of all electronic loan data submitted by its clients for loan review services.

Electronic Loan Data Downloads

CRM_A implements the following procedures to help protect the safety of electronic loan data submitted by its clients for loan review services.

Procedures
  1. Upon receipt of data from a client, the data is analyzed and stored in a specific, restricted folder on one of our company servers.
  2. Our standard protocol for transferring sensitive data is via a secure web site using SSL for encryption of the data in transit. We do not accept data via any insecure protocols. We encourage our clients to follow this procedure to securely submit any data to us.
  3. A Loan Sampling Specialist processes the loan data. If the data contains individual customer Tax ID numbers or Social Security numbers and it is determined that these are not relevant to the sampling process, that information is removed from the data file. If this data must remain, the numbers can be masked on any printouts from our Loan Review Manager system.
Physical Data Protection

CRM_A protects its offices with electronic security devices that remain in place 24 hours a day, 7 days a week.

CRM_A contracts a private shredding company to shred all documents "on-site." Any physical information requiring archiving is kept in a secure location on premises.