GLBA Assessment

GLBA compliance is the law. Protecting your and your clients' confidential financial information is the highest priority. To assure GLBA compliance, you need an expert who understands what to look for and how to implement a comprehensive risk management plan across your enterprise.

CSO's GLBA Assessment service reviews the status of your organizational and technical security. This comprehensive review allows you to understand the implications of U.S. Federal regulations and how to make sure you're in compliance. Our expertise covers all the critical security components of GLBA.

The CSO Approach, the CSO Difference:
  • Provide a high-level review of your organization’s current security policies, practices and controls for protecting confidential customer financial information.

  • Review current Internet security provisions as they relate to customer data.

  • Discover major GLBA compliance issues in areas requiring further investigation.

  • Develop a customized strategy and remediation plan.

  • Present our findings and recommendations to the executive and technical audiences of your organization.

Expertise You Can Count On

GLBA's safeguarding standards clearly require financial institutions to assess and evaluate threats and vulnerabilities to their customer information from both external and internal sources. Specifically, the standards state that each financial institution must:
  • Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;

  • Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and

  • Evaluate the sufficiency of policies, procedures, customer information systems, and other arrangements in place to control risk.

The examination procedures specifically address the risk assessment process. The procedures focus on such questions as:
  • Has the institution used personnel with sufficient expertise to assess risks?

  • Does the institution identify and rank its information assets?

  • Did the evaluation process include the review of administrative, physical, and technical safeguards to mitigate risk?

  • Does the process include the evaluation of risk to the entire customer information system?

  • Does the institution use its test results to support its assessment of the adequacy and effectiveness?

  • Does the institution promptly act to mitigate identified material risks?

Copyright © CSO 2008; All Rights Reserved