In this episode of Federal Credit Fridays, Anthony Curcio talks with Summit’s Josh Baker about information security compliance, including technical infrastructure, compliance requirements, and the management of large data sets.

Underwriting Loans, Managing Portfolios, and Deploying Capital

Information security compliance is a large part of federal credit programs. It includes less visible components, such as technical infrastructure, which is an important part of program support, and the compliance requirements that govern how that infrastructure is designed and operated. Federal lending programs are unique because they must manage large data sets that span years, sometimes even decades, while remaining subject to evolving audit standards, reestimate cycles, and strict controls around data security. As Anthony says, “This creates a distinctive operating environment where compliance is not simply a matter of policy adherence but a continuous balancing act between accessibility of that data.”

Loan Data Is Large Data

To close today’s episode, Josh explains the differences involved in handling federal government data sets, stating, “A normal business can set a data retention life cycle of three years. After three years, if it hasn't been touched, go ahead and automatically delete it. That doesn’t necessarily apply when you’re talking about government financial data.” Making sure all data is maintained, secure, and accessible is one of the largest challenges when working with expansive government data sets. Anthony and Josh explain how the National Institute of Standards and Technology (NIST) has developed a set of security controls. These standards are now the expectations contractors must meet to safeguard the data being dealt with.