Skip to the main content.
Watch Demo Meet With Our Team
Facebook Instagram Linkedin X YouTube
Case Study

Lassen County Federal Credit Union: A Decade-Long Partnership That Transformed Information Security

Lassen County Federal Credit Union, a small Northern California credit union with just 15 employees, faced a daunting challenge: meeting increasingly stringent information security regulations without a dedicated IT or security officer on staff. After a tough NCUA audit in 2016 exposed gaps in their external IT audits and spreadsheet-based tracking systems, they partnered with Rivial Security. Ten years later, that partnership has transformed how the credit union approaches information security—earning praise from NCUA examiners who now recommend their risk assessment reports to other credit unions.

Heather Feliciano, Former COO & Current Consultant

Impacts & Highlights:e

Financial Services (Credit Unions)

Northern California

$100+ million
15
2016 (10 years)
Rivial Risk Assessment, Continuous Compliance, Incident Response, and External IT Audits

About Lassen County Federal Credit Union

Lassen County Federal Credit Union is a community-focused institution serving members in Northern California. With only 15 employees and no dedicated information security officer, the credit union relies on a small senior management team who wear multiple hats. Heather Feliciano, who served as Chief Operations Officer, managed everything operational including IT.

The Challenge: A Wake-Up Call from NCUA

Before partnering with Rivial, Lassen County FCU didn't realize they had a problem—until an NCUA auditor arrived who typically audited billion-dollar credit unions.

Key Pain Points

  • No External IT Audits: The credit union had never conducted external IT audits, not realizing it was required annually
  • Spreadsheet-Based Tracking: All risk tracking was done in spreadsheets that could easily be changed and lacked credibility with examiners
  • No Dedicated Security Staff: With only 15 employees and three senior managers wearing multiple hats, there was no bandwidth for dedicated IT security
  • Increasing Regulations: Information security requirements were becoming more stringent, and the credit union was struggling to keep up
  • Knowledge Gaps: Staff thought they knew IT well, but lacked deep information security expertise

You don't really realize that you're having any problems until something comes up. We had an NCUA auditor who let us know that we were lacking in external IT audits. We just always thought that was NCUA's job to do that."

He said we were doing pretty good for the amount of people we had on staff, but there could be areas to improve upon. Spreadsheets can just be changed—you can make them say whatever you want them to say."

The Solution: Finding a True Partner

After evaluating several vendors, Lassen County FCU chose Rivial—then a relatively new company—because of the personal connection and commitment to customer service demonstrated by CEO Randy.

Why Lassen County FCU Chose Rivial

Personal Connection

Randy took time to answer every question and shared his background

Patience

Extremely patient with a CEO who had many questions before spending member money

Comparable Cost

Competitive pricing with larger, more established companies

Small Credit Union Focus

Personal touch that larger vendors couldn't provide

My CEO back then had a lot of questions before she would spend any sort of money. Randy was extremely patient."

We were a smaller credit union and we kind of wanted the personal touch. That's what set Rivial above the other companies."

Transformative Implementation

The on-site implementation in 2016 proved to be a turning point.

"In that week with Randy, I had probably learned more about information security and member data protection than I had learned in the past 10 years of working in my position."

Key Results and Benefits

The risk assessment platform has completely transformed how Lassen County FCU presents to examiners—and the response has been remarkable.

  • Examiner Praise: NCUA examiners called their risk assessment reports "beautiful" and "amazing"
  • Recommendations to Others: Examiners said they would recommend the platform to other credit unions
  • Zero Questions: No questions about risk assessments for the past three years since implementing the service
  • Board-Ready Reports: Reports that can be printed and presented to the board with clear explanations

"I have been able to present that to NCUA and they think it's beautiful. In fact, they said they were going to recommend it to other credit unions. They're not supposed to plug things, but they just loved the way it looked."

"I have not been questioned about my risk assessment for probably the past three years."

For a credit union where everyone wears multiple hats, the time savings have been transformative.

  • No More Spreadsheets: Eliminated hours of spreadsheet management and manual tracking
  • Automated Reminders: Platform sends reminders for compliance tasks, keeping things on track
  • Proactive Guidance: Rivial catches potential issues before they become audit findings
  • Quarterly Updates: Risk assessments only need minor quarterly reviews once initially set up

"It allows me to handle other things while Rivial is handling that for me. There's a great cost savings there."

"My Rivial rep probably catches those before NCUA catches them. I can make those little tweaks and that's not going to show up in a finding on an audit review."

The tabletop exercises and incident response templates have elevated staff engagement and preparedness—with professional reports ready for the board and NCUA.

When you have the Rivial gentleman running it and asking the questions and presenting surprise scenarios, there's a lot more staff participation because it seems a little bit more serious when it's not someone they work with every day."

The platform has become central to daily operations—with streamlined evidence collection, policy review guidance, audit finding tracking, and automatic training integration with KnowBe4.

"I'm in and out of there every day. All of those things are impactful. Gives me the time to address it before it's caught."

The Value of Partnership

What truly sets the relationship apart is how Rivial functions as a genuine partner—not just a vendor.

Monthly Meetings:

Regular scheduled meetings to stay on track

Always Available:

Questions answered between meetings via call or email

Audit Support:

Help preparing for and during NCUA interviews

Personal Relationships:

Team members who remember names and check in even after promotions

I don't say they're a company that works for us or a third-party vendor. I always describe them as our information security partner."

Still to this day, if we're under a rough audit, I can call and be like, 'Hey, I have an interview with NCUA at 10 a.m. Can you help me answer these questions?' And you guys are always right there."

 

"It's like a big cybersecurity family."

Looking Ahead

After 10 years of partnership, Lassen County FCU continues to expand their relationship with Rivial, adding new services at each contract renewal.

"Every time it comes contract time, we're like, 'What else you got?' We've completely added services at every contract signing time."

Conclusion

For small credit unions without dedicated information security staff, Lassen County Federal Credit Union's decade-long partnership with Rivial demonstrates what's possible. Through:

  • Risk assessments that NCUA examiners recommend to others
  • Massive time savings for staff wearing multiple hats
  • Professional incident response and tabletop exercises
  • Proactive compliance that catches issues before audits
  • A true partnership that feels like family

Rivial has helped Lassen County FCU transform from struggling to meet basic requirements to earning examiner praise—all while protecting their members' data and their members' money.

You'll never look back

Rivial's Revolutionary platform will transform your CISO life.

Schedule A Demo