Dara Security

GLBA & FFIEC

Background

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act, requires financial institutions to have a security program in place to safeguard the confidential information of their customers and to determine the general risk levels of their third parties. GLBA broadly defines financial institutions to include credit unions, banks, savings and loans, investment and insurance firms, and possibly retail merchants, provided they offer their own credit solution.

Support

To support GLBA efforts, the Federal Financial Institutions Examination Council (FFIEC) developed the FFIEC IT Examination Handbook in concert with multiple agencies, including the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). Each agency may require additional controls beyond those in the FFIEC handbook.

Risks

GLBA requires financial institutions to understand the risks within their organization by implementing a formal risk management program that identifies and quantifies risks and employs controls to mitigate them where appropriate. Additionally, GLBA requires financial institutions to perform due diligence (e.g., third-party GLBA assessments) to ensure that third parties have appropriate controls. This risk-based approach consists of a vendor management program that includes surveys and on-site assessments.

GLBA Gap Assessment

To quickly identify compliance gaps and establish a firm roadmap for compliance, Dara Security created a GLBA Gap Assessment that reviews your systems and processes to identify areas of non-compliance. The GLBA Gap Assessment is performed against selected services, applications, and infrastructure within your organization. It reviews current privacy measures as well as security controls against GLBA by:

    Documenting your compliance with GLBA Safeguards and Privacy Rules

    Identifying non-compliant areas and the actions needed to comply with GLBA Safeguards and Privacy Rules

    Providing an objective third-party assessment of GLBA compliance

In return, you will:

    Avoid fines that could result from a failed GLBA audit

    Reduce the cost, confusion, and complexity of GLBA compliance

    Provide regulators with evidence that your organization has taken a risk-based approach to quickly attain GLBA compliance

Dara Security Experts

Dara Security's consultants are experts in understanding both the technical aspects and the business components of your organization. Dara Security's experience and knowledge, developed while working with some of the top Fortune 500 financial institutions in the country and a governing body, provide your organization with a true picture of your compliance with GLBA.