GLBA Assessment and Sound Security Practices
The security challenge of protecting sensitive information continues to increase. The Privacy Rights Clearinghouse recorded 662 breaches involving 27.9 million sensitive records in 2012.
Some financial institutions are still struggling to meet the GLBA’s list of requirements to protect consumers’ personal financial information.
A GLBA Audit can be costly, particularly if the candidate is out of compliance or unprepared for an audit by federal regulators. GLBA noncompliance can mean severe fines and even class-action lawsuits.
Benefits of OpenSky GLBA Assessment
OpenSky consultants are former Information Security Officers and Compliance Officers with considerable expertise in GLBA Compliance. They perform assessments regularly against many of the common regulatory standards (e.g., GLBA, HIPAA, PCI DSS, SOX, FISMA, NERC, EU Privacy).
While the GLBA only specifies a risk assessment of physical and electronic customer data, financial institution examiners are looking for a consolidated risk assessment of all systems that transfer, process, or store electronic data. Leveraging the guidelines of ISO 27002 and FFIEC, OpenSky will assess a company’s program to ensure that a structured process is in place to identify and categorize threats, determine inherent and residual risks, determine control criticality levels and the management of risk information, and provide a detailed action plan. The benefits of OpenSky GLBA Assessment include:
- Compliance with GLBA Safeguards and Privacy Rules
- Identification of non-compliant areas and understanding of what actions are needed to comply with GLBA Safeguards and Privacy Rules
- Discovery of opportunities to minimize operational, fraud, reputation, compliance, and technology risks
- Proper, objective third-party demonstration of GLBA compliance
- Avoidance of fines that could result from failing a GLBA Audit
- Reduction of the cost, confusion, and complexity of GLBA compliance