(a) A credit union must file a written notice with the commissioner at least 30 days before it establishes a transactional web site. The notice must:(1) Include an address for and a description of the transactional features of the web site;(2) Indicate the date the transactional web site will become operational; and(3) List a contact person familiar with the deployment, operation, and security of the transactional web site.(b) For the purposes of this chapter a transactional web site is an Internet site that enables users to access an account and conduct financial transactions such as transferring funds, processing bill payments, opening an account, applying for or obtaining a loan, or purchasing other authorized products or services.(c) Credit unions that have a transactional web site must provide for a review of the adequacy of the web site's security measures annually. The scope of the review should cover the adequacy of physical and logical protection against denial of service attacks and other attack vectors designed to gain unauthorized access to the system. If the credit union outsources this technology platform, it can rely on testing or audits performed for the service provider to the extent it satisfies the scope requirements of this subsection.