GLBA Compliance

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

The GLB Act includes:
  • The Financial Privacy Rule
  • The Model Form Rule
  • The Safeguards Rule
  • Provisions that prohibit pretexting.


GLBA requires U.S. financial institutions to create, implement and manage a formal program to safeguard customer information.

The FFIEC is charged with providing specific guidelines for evaluating institutions for compliance with GLBA, among other things. Enforcement falls to one or more of eight governing agencies: the Federal Trade Commission (“FTC”), Board of Governors of the Federal Reserve System (“FRB”), Office of the Comptroller of the Currency (“OCC”), Federal Deposit Insurance Corporation (“FDIC”), Securities and Exchange Commission (“SEC”), National Credit Union Administration (“NCUA”), Office of Thrift Supervision (“OTS”), and the Commodity Futures Trading Commission (“CFTC”).

Together these agencies have developed and published a series of “IT Booklets”, which provide guidance, address significant technology changes and incorporate a risk-based approach for IT practices in the financial industry.

How Does FRSecure Help?

FRSecure staff members are experts in dealing with all GLBA requirements as they pertain to information security.

FRSecure’s Services for GLBA Compliance include:
  • Information Security Assessment and Risk Analysis
  • Information Security and Risk Consulting, including:
    • Corporate Information Security Program Development, Policies, Standards, and Security Baseline Development
    • Enterprise Security Architecture and Standards Development
    • Security Awareness Program Development
    • Incident Response Program Development
  • Log Monitoring/Security Information and Event Management (“SIEM”)
  • Vulnerability Management (including Vulnerability Scanning)
  • Penetration Testing and Web Application Testing


Contact us for a detailed map of FRSecure’s services to GLBA/FFIEC compliance.
