The CU*Answers Due Diligence page is designed to assist our clients and prospective clients in fulfilling any obligation to conduct due diligence provided by our cooperative.  This “one stop shop” is to help simplify your needs when conducting vendor due diligence.  You can also request SSAE Reports and SSAE Bridge Letters from our Auditing Team.

SSAE Reports

The SSAE SOC 1 and SOC 2 Reports are our public housekeeping audits covering the primary controls we use to secure our systems. The current audit reporting period is for CU*Answers Fiscal Year 2023 (October 1, 2022 through September 30, 2023). CU*Answers alternates between SOC 1 and SOC 2 Reports every other year.

• CU*BASE Application Processing and Managed Hosting Services System
• CU*BASE Development System
• Network Management Services System

SSAE Bridge Letter Request Form

If your auditors or examiners request a Bridge Letter for the period between our SSAE audits, you can use the attached form to receive a Bridge Letter from our Audit Team. Bridge Letters usually take from 1-2 days to complete.

ACH Audit

CU*Answers conducts an annual ACH Audit. In 2024, the ACH Audit was performed by The Clearing House.

• 2024 ACH Audit
• 2023 ACH Audit
• 2022 ACH Audit
• 2021 ACH Audit
• 2020 ACH Audit
• 2019 ACH Audit
• 2018 ACH Audit
• 2017 ACH Audit
• 2016 ACH Audit

FedLine Security and Resiliency Assurance Program

CU*Answers conducts an annual assessment of the FedLine Solutions Security and Resiliency Assurance Program in accordance with the FRB Services requirements as described at: https://www.frbservices.org/resources/resource-centers/security-resiliency-assurance-program. Below is a link to the latest attestation letter referencing this assessment.

• 2024 FedLine Solutions Assessment Attestation Letter

CU*Answers Financial Statements

In light of the new third party due diligence requirements, we realize that more clients than just our owners need access to our financial statements. Listed below are our most recent published financial statements.

• 2023 Financial Audit
• 2022 Financial Audit
• 2021 Financial Audit
• Quarterly Financial Report
• 2020 Report to Owners

Insurance Declaration Sheet

CU*Answers’ insurance coverage renews every year on December 1.

• 2023-2024 Insurance Declaration Sheet

Software Escrow Certification

CU*Answers certifies the CU*BASE software has been deposited with the escrow agent upon the December release.

• 2023 Certification of Deposit of Software Source Code

Disaster Recovery/Business Resumption

CU*Answers has a very active Disaster Recovery and Business Resumption team. Documents from this team are produced on a regular basis. Both the most up-to-date reports and archives are available on this page.

Executive Leadership and Board of Directors

The most up-to-date information on the Executive Leadership Team and the Board of Directors can be found here:

• CU*Answers Executive Leadership Team
• CU*Answers Board of Directors

Business Plan and Strategic Technology Plan

CU*Answers to encourages our credit unions and CUSO to be inclusive of all owners when it comes to business plans and other business activities that owners might want to take an active part in. It is the difference in a cooperative; the community owns it and should be treated with the respect owners deserve.

To that end, our Business Plan Summary and Strategic Technology Plan are both available online.

Company Background

The most up-to-date background information on our cooperative can be found on our About page.

Policies

CU*Answers publishes policies on cyber security/information security, acceptable use, and other policies of interest to our clients and their examiners.

• Current Policy Manual
• Software Development Lifecycle Policy

Kevin Finneran
Software Development Lifecycle Testimonial
from the 2017 Boot Camps

Alayna Johnson
Software Development Lifecycle Testimonial
from the 2017 Boot Camps

SecuriKey

CU*Answers receives a large number of cybersecurity due diligence requests from our clients. Although we have a vast library of resources, accessing all of this information – especially if there is an examiner in the room – can be challenging for credit union staff. With the need to revise or publish a significant amount of cybersecurity due diligence information, CU*Answers is publishing SecuriKey, Your Key to Cybersecurity.

Each SecuriKey document will have the following features:

• Quick Reference Guide (intended to be something a client can provide to examiners)
• Summary of Features of the Service
• Detailed Risk Assessment Tools
• Ways for the credit union to engage with our teams (e.g. MOP has information for AuditLink for credit unions concerned with the Patriot Act)

SecuriKey Documents

• Its Me 247 Online and Mobile Banking
• MOP – Membership Opening Process
• MACO – Multi-Authentication Convenience Options
• idocVAULT – Core Image Processing

More Information

For more information, or if you have questions, please contact our CFO, Bob Frizzle at bfrizzle@cuanswers.com.

Learn more about Bob Frizzle.

Network Partner

Xtend Due Diligence