GLBA Risk Assessment

GLBA Risk Assessments – When non-compliance is not an option

Maintaining transparency and security

Simply put, the Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive customer data. Under GLBA, a financial institution is any company that offers consumers financial products or services such as loans, financial or investment advice, or insurance. Non-compliance with GLBA can result in a variety of fines and up to five years of imprisonment for each violation, not to mention the reputational damage a financial institution suffers from negative press and media attention.

Elevate’s IT Compliance and IT Security Consultants stay continuously up to date on the guidance from the Federal Financial Institutions Examination Council (FFIEC) and the accompanying enforcement agencies (e.g. FDIC, OTS, OCC). Applying our risk-based approach to IT practices, we support your compliance by covering the following areas:

  • Information Security Strategy: defines roles and responsibilities from board members to employees, together with the controls, processes and policies that make up the security program.
  • Information Security Risk Assessments: bridge the critical gap between financial and technology controls to ensure that key areas and controls are adequately addressed in business planning.
  • Security Controls Implementation: establish controls over restricted access, define security zones, encrypt data in storage and in transmission, protect against malicious code, ensure proper system development, acquisition and maintenance, ensure personnel and data security, ensure proper oversight of service providers, address business continuity planning, and evaluate available insurance (extent and coverage).
  • Security Monitoring: monitor network and host activity.
  • Security Process Monitoring and Updating: continuously gather and analyze information on new threats and vulnerabilities.