
*In implementing
the information security requirements of the Gramm-Leach-Bliley Act of 1999,
the Federal Trade Commission promulgated the Safeguards Rule, which requires
mortgage brokers to develop, implement and maintain a written information
security plan to protect customer information.
1) The company president and the loan processor shall be the individuals responsible
for coordinating customer information security safeguards. The president will
oversee the technical and operational implementation and maintenance of all
safeguards in place now or in the future. The loan processor(s) will ensure
compliance with all required disclosure notices to be signed by the applicant
and will notify the president whenever any attempt is made by an unknown
or unauthorized entity outside of Citivest Mortgage to request specific customer
information. Additionally, loan processors will ensure compliance with FACTA
requirements as per regulation. Loan originators will be responsible for FACTA
compliance per regulation and will make any notification to the applicant,
as may be required based on actionable prompts from the applicant’s credit
file as reported.
2) The sufficiency of all existing safeguards has been determined by the company
president to be in compliance with current regulations, rulings and opinions
available on the matter and is reviewed periodically by the company president
through various means including but not limited to: bulletins from regulatory
agencies, investors and other service providers as they become available;
operational and technical updates as provided by hardware and software licensors;
internet service providers and technical service support subcontractors; and,
public utilities.
3) Foreseeable risks presently known to the industry at large are generally
limited to hacking and other unauthorized access by wire or unauthorized access
by employees. All electronic information systems currently utilized are protected
from unauthorized access by: public utility-provided firewalls and modems;
operating system firewalls and virus protection software installed in all
computers within the company; and all software applications and hardware are
individually password-protected. All employees/agents are trained regarding
compliance with all regulations, use of electronic systems, company privacy
policies, as well as the processing, storage and disposal of information.
4) Federal statute requires Citivest to maintain evidence of disclosure to
the applicant for no less than two years from the date the application was
signed. New Mexico statute requires Citivest to maintain the same as well
as all other documentation submitted to Citivest and/or its investor(s) to
obtain approval of the applicant’s request for no less than six years.
Due to the lack of parity between federal and state statutes and the present
cost of digitally imaging and storing such documentation, all applicant files
will be retained in their physical form for no less than six years from receipt
of the signed application. Physical files are presently maintained at the
Citivest office and are accessible only to employees/agents of Citivest and
must be logged in and out of the filing system during normal business hours.
At all other times, the business entrance is locked so no public access is
available by any legal means. At such time when physical files may be removed
from the premises for storage they will be stored at a private, fee-for-service
storage facility under lock and key with controlled and monitored access.
Any physical records not required to be maintained are regularly destroyed
by crosscut shredding, burning or other means that would render the information
illegible and/or unintelligible.
5) The issuance of all passwords to employees/agents is at the sole discretion of the
company president. Such passwords are from time to time rescinded and must
be reissued by the company president. Hardware and software safeguards are
reviewed by the company president and security consultants no less than twice
per year. Service providers to Citivest are contractually obligated to maintain
appropriate safeguards which Citivest and/or its security consultants review
from time to time. Such safeguards may include but are not limited to Secure
Sockets Layer for all data and email server communications; password
protection of software applications; hardware and software firewalls as needed
or required; and, physical protection of the premises where the service provider’s
office/equipment is located.
6) The efficacy of the security plan will be evaluated no less than once per
year for its overall effectiveness. Recommendations will be sought from independent
security consultants who have no intimate knowledge of, or access to, any
of the current safeguards and/or customer information in place to ensure objectivity
in the evaluation.
For additional information or questions, please call the company president
at 505-982-9530 or write to the address above.
* Copyright 2004 by Divine Abundance, Inc. d/b/a Citivest Mortgage
Gary Miller, Senior Loan Officer
American Capital Mortgage Inc.
444 Galisteo, Suite B
Santa Fe, NM 87501
Tel: 505-982-9530
email: garym@santafemortgagesource.com