12Berkshire Hills Bancorp, Inc. — BHLB | berkshirebank.com » 2022 esg Report
center hours, a new online and mobile experience,
and onboard additional communications resources.
We expect that these collective actions will help improve
our customers’ experience and contribute to our culture
of service excellence.
Another key dimension to how we deliver an exceptional
customer experience is in the management of customer
complaints. When we receive customers’ complaints, we
make sure to successfully address and resolve them as
quickly as possible. The Board of Directors Risk Management,
Capital and Compliance Committee provides Board-level
oversight of the Company’s complaint management process,
which is managed by staff in our Compliance Department
in close collaboration with all business lines. Complaints are
written statements, including emails, letters, faxes, social
media posts or verbal comments indicating dissatisfaction
with a product or service. In some cases, regulations include
received. All business lines have a responsibility to respond
to and resolve customer inquiries and complaints. All
complaints are documented and tracked to ensure they
are resolved to a high level of customer satisfaction.
Our complaint management system also allows us to
identify trends, elevate those trends and implement
mitigating measures to address and ultimately reduce
instances of dissatisfaction.
reduction is due to multiple factors, including enhancements
to our complaint resolutions processes, customer experience
improvements, a continued return to more normalized pre-
pandemic conditions and activities that continue to be rolled
out as part of our plan. We continue to strive to resolve all
customer complaints were addressed.
DATA PRIVACY,
CYBERSECURITY AND FRAUD
information of our customers is a top priority. As a community
risks relating to the use of technology and cybersecurity,
including denial of service attacks, ransomware, hacking
information or the creation of unauthorized transactions.
Risk Factors.
Our information and cybersecurity function is designed to
mitigate these risks proactively. It includes a comprehensive
Information Security Program containing technical,
administrative and physical controls and additional policies,
processes and procedures to assist with safeguarding
or destruction. It will also help protect our information
destruction, loss, misuse, theft or denial of service.
The Company’s
Information Security Program provides direction for
integrity, and availability of the Company’s information
assets, including customer information under guidelines
established as part of the Gramm-Leach-Bliley Act .
This program informs the organization of the administrative,
technical and physical safeguards in place to adequately
protect nonpublic personal information, as well as comply
with applicable laws and regulations. The Information
Security Program sets forth the Company’s commitment
to the continual review and improvement of policies,
processes, procedures and standards for evaluating
electronic and physical methods of accessing, collecting,
storing, using, transmitting, disposing of and protecting
customer information. The Company leverages relevant
expectations from the Federal Financial Institutions
Examination Council and uses standards from the
National Institute of Standards and Technology ,
among others, to control data security risk, as well as to
assess the maturity and effectiveness of the program.
The purpose of the Acceptable
Use Policy is to clearly establish each member of the
Company’s role in protecting its information assets and
communicate minimum expectations for meeting these
Company to implement a comprehensive systemwide
Information Security Program. The policy applies to all
users of computing resources owned, managed or
otherwise provided by the Company. Computing resources
include all Company-owned, licensed or managed
hardware and software, email domains and related
services, and any use of the Company’s network via a
physical or wireless connection, regardless of the ownership
of the computer or device connected to the network.
The policy provides a
framework for classifying and protecting information for
the Company and aids in determining the appropriate
involves the assignment of a label to data indicating the
in this policy. The label then assists the Company with
ensuring proper safeguards are in place for the data.
Berkshire’s Data Governance Program.
The policy establishes
requirements for security monitoring and event
management to detect unauthorized activities on company
information systems. Frequent monitoring and logging
components are required to effectively assess information
system controls, operations and general security. This
audit requirements for user activities, exceptions and
information security events; logging activities and actions
required to resolve system fault errors; guidelines for the
frequency of reviewing audit logs; protection of audit logs
integration of suspicious audit events and investigation
into incident response processes.
The Security
information assets and encompasses the infrastructure,
the information that infrastructure supports and the
Company’s regular business operations. The policy
ensures that a plan of action and approved procedures
for incident handling, investigations and responses,
including details of the tasks, roles, responsibilities and
accountabilities is maintained, reviewed and updated
as appropriate. It also ensures security incidents are
categorized and prioritized to ensure continuity of core
services within the Company and Berkshire is prepared
to effectively respond and contain security incidents.
Vulnerabilities create security weaknesses that can
be exploited by criminals and other adversaries. The
purpose of this policy is to ensure the company reduces
risks resulting from exploitation of published technical
vulnerabilities. The company ensures all applications
are fully supported by the vendor, maintains all support
and maintenance agreements for the lifetime of the
application, includes language in contracts requiring
RESPONSIBLE BANKING