The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requires financial institutions to conduct a risk assessment that identifies internal and external risks to the security and confidentiality of customer information. For many organizations, conducting risk assessments for GLBA compliance is a daunting task. CompliancePoint simplifies this process: we help you identify vulnerabilities and give you a foundation for designing and implementing an information security program that minimizes your cyber risk while keeping you compliant with GLBA requirements.
Our Approach
We use the following steps, based on NIST guidelines, to execute GLBA risk assessments to help organizations better understand the information security risks they are facing, effectively mitigate and manage those risks, and achieve GLBA compliance.
Step 1: Data Inventory
Identify the data you have, and the systems involved in the processing of that data.
Step 2: Identify Threats
Identify the potential threats that could compromise your systems, networks, and data.
Step 3: Qualify the Risk
Determine the risk posed by the identified threats, including the likelihood of the threat and the potential damage.
Step 4: Control Design
Design and implement security controls to mitigate the identified risks.
Step 5: Risk Treatment Plan
Create a plan to address risk not fully remediated by your security controls. This could range from accepting the risk to contracting with a third party.
Step 6: Control Validation
Validate controls through monitoring, penetration testing and vulnerability scans.
Our Focus
Our GLBA services are designed to meet all elements of the Safeguards Rule and can be tailored to fit the budget and maturity of your business. You can customize a program that focuses on the services that are most vital to your operations.
Program Manager
Experienced and knowledgeable personnel to serve as your designated individual and supervise your information security program in accordance with GLBA.
Safeguard Controls
Information security controls designed to reduce identified risks and ensure GLBA safeguards are met.
Risk Management
Identify risk to your customer information and ensure the appropriate security controls are implemented in accordance with GLBA.
System Monitoring & Testing
Ensure the effectiveness of your security controls and safeguards through vulnerability assessments, simulated cyber-attacks and penetration testing.
Security Awareness Training
Training for your staff to ensure security awareness with regular refreshers. Training can be customized for security personnel.
Vendor Monitoring
A program that monitors any person or entity that receives, maintains, processes, or otherwise is permitted access to customer information.
Information Security Program Management
Focused on keeping your information security program current with emerging threats, changes in personnel and other material impacts.
Incident Response Plan
A written response and recovery plan to manage security events and incidents. Establish partnerships with existing providers to help manage an incident.
Compliance Reporting
An overall assessment of your company's compliance with its information security program for consumption by your Board of Directors or governing body.
Our Benefits
Objective & knowledgeable assessments
Proven techniques and strategies
Cost savings
No personnel certification costs
Target high-priority tasks
Access to cutting-edge tools & technology
No turnover
Security awareness training
Institutionalize your security processes
Control design & automation
10 Billion+ Records Audited
150+ Cases as an Expert Witness
2,500+ Companies Served
86+ Net Promoter Score - Our Customers Love Us!