GLBA

GLBA

One of the regulatory requirements initiated by the Gramm Leach Bliley Act (GLBA) is to create an information security program to ensure security and confidentiality of customer information, protect against anticipated threats to such information, and protect against unauthorized access to that information which might result in substantial harm or inconvenience to any customer.

The Federal Reserve Interagency Guidelines Establishing Information Security Standards outline some of the responsibilities and events that must be considered for any information security program. These programs should include policies and procedures that address the following:

  • Access Controls on Customer Information Systems
  • Access Restrictions at Physical Locations
  • Encryption of Electronic Data
  • Change Management Procedures
  • Dual Control Procedures
  • Segregation of Duties
  • Employee Background Checks
  • Monitoring Systems and Procedures
  • Incident Response
  • Business Continuity
  • Disaster Recovery

At Canaudit, our approach focuses on helping organizations improve their security posture while achieving and maintaining compliance. Increasing complexity in regulatory requirements like the GLBA have placed great demands on financial institutions. Successful institutions are able to meet these demands through comprehensive network penetration testing and vulnerability assessment services, internal and external facing network audits, database security assessments, web application security assessments and IT policy and procedure reviews, all of which are paramount cyber risk management measures.

Related Services:

Network Penetration Testing and Vulnerability Assessment
IT System Audit and IT Security Review
IT Policy and Procedure Review
Change Management Audit
SOX Compliance Review
FFIEC Compliance Review
PCI-DSS Compliance Review