Recently, the Mortgage Bankers Association released “The Basic Components of an Information Security Program,” for small and medium size companies in the mortgage industry that may not have the resources to stay well-informed of all the laws, regulations, regulatory guidance, security frameworks and best practices that have been issued by various government or private entities.

The whitepaper, authored by members of the MBA Residential Technology Forum Information Security Workgroup, describes critical risks that the mortgage industry faces and provides practical steps to mitigate them, beginning with instituting an information security program and a regular self-assessment of that program. “We understand that some organizations have limited resources to accomplish this, so while recommending that organizations incorporate all sections in this document as part of a basic program, there are ‘absolutely necessary’ steps that most regulators and standards organizations regard as critical and that the authors believe should be made a priority,” states the whitepaper. Accordingly, the whitepaper recommends that corporate security should be prioritized by senior management and its continued development should be encouraged.