Regulatory Compliance should be a by-product of good information security. Our experts know where the two should meet.

Gramm Leach Bliley Act – GLBA Compliance

Originally signed on November 12, 1999, the GLBA mandates that financial institutions develop standards relating to administrative, technical and physical controls to protect their respective clients’ non-public personal information from being disclosed to third parties.

In January 2003 member agencies of the Federal Financial Institutions Examination Council (FFIEC) issued new examination guidance that expands on the GLBA compliance data protection rule. The new guidance requires banks to take specific actions such as implementing an information security program and policy to protect all information assets, not just customer information, to be in GLBA compliance.

In essence, this law requires each and every financial institution to create and implement a comprehensive and ongoing information security program and policy, and to keep the program current. Non-compliance with the GLBA can result in a variety of fines and up to 5 years of imprisonment for each violation.

With the help of its expert information security services, Enterprise Risk Management can help alleviate the insurmountable pressures that the pursuit of GLBA compliance can place on an institution. Allow our professionals to help you develop a comprehensive information security program and policy that includes:

  • Security function definition
  • Security committee definition
  • Policies, standards, procedures and guidelines development
  • Risk assessment performance
  • Information ownership definition
  • Information classification
  • Security regulation considerations
  • Logical, physical and administrative security considerations
  • Contingency planning considerations
  • Incident response program definition
  • Security metrics program definition
  • Human resource considerations
  • Legal considerations
  • Help desk / User support considerations
  • System life cycle management considerations
  • Security awareness program definition
  • Partnerships with external provider considerations
  • Periodic security review definition

Let Enterprise Risk Management help you navigate the myriad of requirements related to GLBA compliance.