At FHLBank Topeka, we are committed to protecting FHLBank’s information assets, including the privacy of our customers and the confidentiality of nonpublic information.
The confidentiality, integrity and availability of information assets are essential to fulfilling FHLBank Topeka’s mission and maintaining positive, successful relationships with our stakeholders. FHLBank Topeka values the information customers entrust to our care. As a result, we utilize many internal processes to ensure the confidentiality, integrity and availability of our information assets. In order to assist you with your regulatory compliance under the Gramm-Leach-Bliley Act and manage your relationship with FHLBank, this page is intended to provide a summary of our privacy and information management practices.
NONPUBLIC PERSONAL INFORMATION
FHLBank Topeka adheres to the following practices to protect nonpublic personal information:
- We maintain physical, electronic and procedural safeguards designed to maintain the security and confidentiality of any such information that you share with us.
- We permit only authorized employees, who are required to keep such information confidential, to have access to it.
- We use or disclose such information only (a) in the ordinary course of business performing services on your behalf, (b) as permitted by 16 C.F.R. § 313.11, or (c) as may be required by law or by our regulator, the Federal Housing Finance Agency.
- We maintain procedures to ensure the proper disposal of customer information.
CONTROLLED ACCESS, ASSET CONTROL AND CHANGE MANAGEMENT
FHLBank Topeka has a responsibility to secure its information assets. As a result, policies and procedures are maintained to control access to information assets. The following are examples of the steps we employ to protect our information assets:
- Group memberships that grant access to information assets are regularly reviewed by managers and employees designated as system owners.
- Network Administrator permissions are strictly limited and required before any computer system is allowed to join the internal network.
- Change management processes require the use of different environments for systems development, testing, quality assurance, production and disaster recovery.
- Change control procedures are used to ensure changes made to user accounts, operating systems and applications are pre-approved and authorized.
- System owners ensure all changes to applications and permissions work as expected.
- Automated tools are used to track all changes made to critical systems.
RECORDS MANAGEMENT, DATA CLASSIFICATION AND ENCRYPTION
FHLBank Topeka recognizes records management is an important responsibility. Consequently, we established and maintain a Records Retention Program. Information assets are organized into categories with specific classification and retention periods. Restricted data have special handling instructions with the encryption of restricted data required for transmission over the Internet.
Our Information Security Officer conducts security awareness training at least annually for all FHLBank Topeka employees and contractors, with periodic reminders and security-related headline events posted to the internal employee web portal. Awareness training includes information on social engineering, including how to identify and respond to phishing attempts as well as physical security threats. Application developers are required to attend specialized training annually to keep current on secure coding practices.
SYSTEMS ADMINISTRATION AND SECURITY
Automated tools are used to update software applications and operating systems when patches are released. Anti-virus software is widely deployed and updated on a regular basis using automated tools. System logs are reviewed and monitored to detect unusual events. Information security events are investigated and escalated per FHLBank Topeka’s incident response procedures. Network security and penetration testing is completed annually by a third-party security consultant with all issues are tracked until remediated to a level acceptable to risk officers.
Robust and aggressive vulnerability management is a key facet of FHLBank Topeka’s information security program. For security reasons, FHLBank does not disclose specific details regarding its vulnerability management program or any systems/applications it may use. However, rest assured that each and every system is thoroughly vetted, proactively managed and meticulously monitored 24x7x365 for any potential issues that may arise.