Security Policy Statement

Information and information systems are critical and important assets. Without reliable information and information systems, future viability would be in question. Accordingly, management has a fiduciary duty to preserve, increase and account for Michigan Heritage Bank information and information systems. This means that Michigan Heritage Bank management must take appropriate steps to ensure information and information systems are properly protected from a variety of threats such as error, fraud, embezzlement, sabotage, industrial espionage, privacy violation, and natural disaster.

Michigan Heritage Bank information must be protected in a manner commensurate with its sensitivity, value, and criticality. Security measures must be employed regardless of the media on which information is stored (paper, overhead transparency, computer bits, etc.), the systems that process it (workstation computers, mainframes -including hubs servers, voice mail systems, etc.), or the methods by which it is moved (electronic mail, face-to-face conversation, fax machines, etc.). Such protection includes restricting access to information based on the need-to-know. Management must devote sufficient time and resources to ensure information is properly protected.

Michigan Heritage Bank management must additionally make sure information and information systems are protected in a manner that is at least as secure as other organizations in the same industry handling the same type of information. To achieve this objective, annual reviews of the risks (risk assessment) to information and information systems must be conducted. Similarly, whenever a major security incident indicates that the security of information or information systems is insufficient, management must take remedial action to reduce exposure.

Decision-making is also critically dependent on information and information systems. Management must make reasonable efforts to ensure all information is accurate, timely and complete.

All employees, consultants, and contractors must be provided with sufficient training and supporting reference materials to allow them to properly protect and otherwise manage information assets. Training materials should communicate that information security is an important part of business and must be viewed like other on-going business functions such as accounting and marketing.

The SMC centralizes guidance, direction, and authority for information security activities for the entire organization. The SMC is responsible for establishing and maintaining organization-wide information security policies, standards, guidelines, and procedures.

The Board of directors of Michigan Heritage Bank has made Gary Schlinkert the Information Security Officer. Cathy Ballard is the Assistant Information Security Officer. It is their responsibility to ensure that the employees and vendors of Michigan Heritage Bank adhere to the policies, standards, guidelines and procedures regarding Information Security.