May 21, 2021 - 1:35pm
#1
Regarding token security, do you require unissued or returned system tokens to be handled and stored under dual control? Why or why not?
If no, what are the other controls in place that allow System Admins to maintain unissued tokens in single control? What is the risk?
Does the control type (single vs. dual) vary with the type of system (i.e. Fedline, ACH, Foreign Exchange) or do you have a standardized process for all system tokens?
