Perform Due Diligence on SunCorp
SunCorp understands our Member Credit Unions' desire to acquire all of the FFIEC, OCC, FDIC, OTS, and NCUA recommended vendor management compliance related documentation. Contained on this page are links to or information regarding the compliance related documentation required to satisfy the regulatory agency requirements for our Member Credit Unions.
Safety & Soundness
SSAE 16 (SOC 1) Report – The report contains:
- Human Resource Policies & Procedures
- Physical Security Policies & Procedures
- Logical Security Policies & Procedures
- Infrastructure Change Management and Control Policies & Procedures
- intrusion Detection and Incident Response/Notification Policies & Procedures
- High-Level Network Diagram and/or Firewall Configuration
- Business Continuity and/or Disaster Recovery Policies & Procedures
- Disaster Recovery Testing Results
To request a copy of our SSAE 16 (SOC 1) Report, please send an email to Charlie Watts at firstname.lastname@example.org with your request. Please include: name of CU, name & title of requestor, requestor email address, phone number. If you are a 3rd party requestor, please provide the CU information that you are representing.
ACH Compliance Audit Letter
SunCorp's annual ACH compliance audit letter can be found here.
Business Insurance Coverage
SunCorp maintains its required Corporate Credit Union Bond and insurance coverage through National Union Fire Insurance Company, including coverage for errors and omissions, in the amount of $10 million. To view the Bond, click here.
Records Management Policies & Procedures
SunCorp shall ensure that all records are maintained in a manner that protects the records and the confidentiality contained therein from both physical and criminal damage. Controls shall be in place to restrict access to records based on the requestor’s need-to-know in the performance of his/her official duties. To this end, SunCorp will allocate sufficient time and resources to ensure the protection of its records.
Security controls shall be employed on all areas and media where records are stored. Paper records may be copied to a more permanent and less space media; electronic, disc, etc. (unless otherwise regulated) and kept in duplicate as to maintain a copy on and off site. Logs shall be maintained of all records sent to offsite storage. Controls shall be in place to insure that as their time evolves records shall be destroyed in a controlled and supervised manner.
Subcontractor/Vendor Management Policies & Procedures
The SunCorp Vendor Management Program will apply to all products and services that support a business function or member service. SunCorp manages the risk associated with third-party relationships by: 1) initial vendor risk assessment, 2) exercising appropriate due diligence in selecting third party vendors, 3) contract structuring and review, and 4) post selection vendor oversight and monitoring.
Credit Union Reference Guide
SunCorp's contingency, recovery, and continuity summary document for Credit Union members can be found here.