News & Articles


What About Online Security for FCMM?

Authored by: Jerry Rich
Date: September 1, 2017

All of FCMM’s web-accessible information is handled by our vendor, Alerus Financial, which uses current protocols that comply with stringent banking cybersecurity practice. Best security is one of the reasons we outsource the accountholder access to an entity who works on a larger scale in this arena.

Alerus affirms their serious approach to the security of internet accessible systems and describes their measures as follows:

"After major changes in our online systems we engage third parties to perform web application penetration tests specifically looking for OWASP Top 10 types of vulnerabilities.  Additionally we engage third parties to perform external penetration tests on a quarterly cycle."

"Our Information Security Program is designed to protect the confidentiality, integrity, and availability of our systems and data.  In addition we are also regulated by the OCC and are held accountable to meeting the requirements in the FFIEC's IT Examination Handbook and to GLBA.  We are examined by the OCC annually and engage third parties to perform audits on our Information Security Program throughout the year.  The results of the regulators and third party audits, penetration testing, and vulnerability assessments are presented to the Enterprise Risk Management Committee and exceptions are tracked to completion by the internal Audit Department."