Compliance & Regulatory Audits

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) is a federal law that requires financial institutions to explain their information-sharing practices to their customers and to describe how they protect their customers' private information. The Act applies to companies that offer consumer financial products and services such as loans, financial or investment advice, or insurance.

Compliance should be treated as the minimum level of security, not the goal: an institution that fails to meet the regulatory standard is likely also leaving vulnerabilities that malicious actors can exploit, with the result that identities are stolen and sensitive information is abused for profit. Non-compliance with GLBA can also result in civil penalties of up to $100,000 for each violation. In addition, officers and directors can be held personally liable, facing both fines and up to five years of imprisonment.

GLBA Risk Assessment

Since 2001, SECNAP Network Security has been a trusted partner to many financial institutions. By leveraging our comprehensive portfolio of services, CIOs, CISOs, and network and IT managers have been able to dramatically reduce vulnerabilities and enhance protection for their sensitive customer data.

The SECNAP GLBA Audit identifies compliance gaps and security vulnerabilities before they have a chance to become breaches, using industry-leading tools and expertise. In addition to extensive hands-on experience, our network of professionally certified auditors employs a complete toolkit to evaluate risk in your organization and make practical recommendations for remediation.

Tools may include automated testing, personnel interviews, policy reviews, procedural and process evaluations, in-depth analysis and more. The most significant benefit of a GLBA Assessment is the peace of mind of knowing that Gramm-Leach-Bliley Act requirements have been met, as well as those recommended by the Office of Thrift Supervision and the Office of the Comptroller of the Currency.

SECNAP can help by:

  • Creating a GLBA compliance benchmark for your organization.

  • Identifying the strengths and weaknesses of current security practices, especially those protecting Non-Public Personal Information (NPI).

  • Prioritizing exposures according to their level of risk, so that IT can address the most serious ones first.

  • Delivering remediation recommendations consistent with compliance regulations, corporate policy, and best practices.

  • Providing a repeatable methodology to facilitate periodic GLBA audits.

GLBA Risk Assessment Methodology
Our methodology for the GLBA Risk Assessment is a phased approach with the following steps:

  • Asset Inventory: Document and classify information assets so that mission-critical assets are identified, evaluated, and classified.

  • Threat Analysis: Identify existing and emerging threats, system vulnerabilities, and the existing controls that reduce risk for the information assets in scope. Each vulnerability is analyzed by severity of impact, likelihood of occurrence, and the resulting risk level.

  • Controls/Safeguard Analysis: Evaluate whether current controls reduce risk to an acceptable level, and develop recommendations to mitigate the risks identified.

  • Reporting and Recommendations: Provide actionable recommendations and the reporting elements required to demonstrate GLBA compliance.