AWA’s GLBA Risk Assessment Services
To assist companies preparing for GLBA compliance, AWA provides GLBA readiness assessments and evaluations of current security policies, procedures, and internal controls. To meet GLBA information security requirements, our team then carries out a gap analysis against the applicable rule (the FTC Safeguards Rule or the Interagency Guidelines, depending on your regulator) and a GLBA risk assessment. This work is done in conjunction with your compliance team.
What Are GLBA Information Security Regulations?
The Gramm-Leach-Bliley Act (GLBA) of 1999 requires financial institutions to establish "reasonable" administrative, technical, and physical safeguards to ensure the security and confidentiality of customer records and information, to protect against any anticipated threats or hazards to the security or integrity of those records, and to protect against unauthorized access to or use of them that could result in substantial harm or inconvenience to any customer. The law is not administered by a single body: the Federal Trade Commission (FTC) enforces the Safeguards Rule for non-bank financial institutions, the federal banking regulators (OCC, Federal Reserve, FDIC, and NCUA) enforce the Interagency Guidelines for the institutions they supervise, and the SEC and CFTC cover the firms they regulate. The Federal Financial Institutions Examination Council (FFIEC) coordinates the banking regulators and publishes the IT Examination Handbook that examiners use, so bank examinations are in practice measured against FFIEC guidance.
The first compliance deadlines under the GLBA privacy and safeguards regulations arrived in 2001, with the FTC Safeguards Rule following in 2003 and a substantially expanded version taking effect in 2022 and 2023. Today the regulations require financial institutions to maintain reasonable security measures for their customers' nonpublic personal information (NPI), such as names, Social Security numbers, account balances, and transaction histories.
Financial institutions that must comply with these security regulations include:
- banks and other depository institutions (including credit unions),
- insurance companies,
- broker/dealers in securities, mutual funds, futures and options on securities, and investment companies,
- debt collection agencies,
- investment advisors, and
- real estate settlement service providers.
FAQs about GLBA Security Services
How does GLBA impact information systems security?
GLBA has two distinct rule sets that affect information systems. The Privacy Rule requires financial institutions to explain their data-sharing practices to customers and to honor opt-outs. The Safeguards Rule requires them to implement and maintain a written information security program that protects customer records, electronic or otherwise. GLBA compliance therefore provides assurance that information systems are designed, operated, and tested to preserve the confidentiality and integrity of customers' private financial information, rather than merely that a privacy notice has been issued.
What are the main security requirements of the GLBA?
The Gramm-Leach-Bliley Act requires financial institutions to maintain a written information security program, to designate a Qualified Individual responsible for overseeing it, and to report to the board of directors (or an equivalent governing body) at least annually. The program must be based on a written risk assessment that is updated periodically, and the safeguards chosen must address the risks it identifies: access controls, an inventory of systems and data, encryption of customer information in transit and at rest, multi-factor authentication for anyone accessing customer information, and secure development practices for in-house applications. The amended FTC Safeguards Rule also specifies a testing cadence for institutions that do not use continuous monitoring: annual penetration testing and vulnerability assessments at least every six months, plus additional testing whenever there is a material change to operations. A written incident response plan must exist in advance, and security events affecting 500 or more consumers must be reported to the FTC. Compliance also demands oversight of service providers through contractual security requirements and periodic assessment, as well as policies for data retention and secure disposal, with customer information disposed of no later than two years after its last use for the customer unless retention is required. Institutions supervised by the banking regulators follow the parallel Interagency Guidelines rather than the FTC rule, so the specific cadence requirements above apply to FTC-regulated institutions.
What data is covered by GLBA?
GLBA applies to customer information, defined as any record containing nonpublic personal information about a customer, or consumers' personally identifiable financial information, in any form, electronic or otherwise, that is handled or maintained by or on behalf of the institution or its affiliates and service providers. Data covered by the regulation includes names, addresses, Social Security numbers, credit card numbers, bank account numbers and balances, transaction histories, and credit reports. Information a consumer provides in the course of obtaining a financial product, and any list or grouping derived from such information, is covered even if individual fields (such as a name) would otherwise be public.