GLBA
Assuring the integrity and security of personal information
held by financial services organizations has always been an ongoing IT
challenge. With the introduction of GLBA, failures to protect internal
networks and customer and financial data can now lead to costly and embarrassing
incidents for financial institutions. To achieve compliance with GLBA,
financial services firms need to identify vulnerabilities in electronic
systems, assess the likelihood and impact of threats, and assess the sufficiency
of controls to mitigate those risks. In doing this, many financial institutions
are struggling with:
- Understanding GLBA - determining if they are an affected party, or how the GLBA mandate applies to them. This group can include insurance companies and smaller financial institutions
- Determining specific requirements - identifying specific control requirements for current GLBA standards that provide significant room for interpretation
- Creating a control architecture - creating a centralized set of policies and controls that ensure compliance with current GLBA standards
- Documenting the audit approach - documenting policies describing the controls on security and integrity of personal and private financial data
- Collecting audit evidence - creating a systematic approach for collecting and documenting audit proof, including assessments and system compliance checks
The Business Impact
GLBA is driving the need for vulnerability and risk assessments to be
conducted within any banking or financial institution in the United States.
Due to the difficulty, knowledge and scope required, improving security
and demonstrating compliance can be expensive. And many companies are
finding that maintaining GLBA compliance can be as expensive as achieving
it in the first place. Ongoing compliance monitoring is required as part
of GLBA, and companies are expected to continually update and improve their
plans, as well as monitor and update the plans of their third-party providers.
As a result, the business impact of GLBA on IT organizations will continue
and likely grow, including:
- Increased costs - costs associated with adequately achieving and maintaining protection of enterprise information systems, and demonstrating compliance to auditors
- Increased risk - increasing risk due to potential impacts of non-compliance with current GLBA requirements, including potential financial impact of fines and penalties
The Compliance Spectrum GLBA Solution
Compliance Spectrum provides the services and capabilities
needed both to achieve and demonstrate compliance with GLBA requirements,
and to automate key processes in the IT compliance life cycle. Key capabilities
of the Compliance Spectrum GLBA solution include:
- Regulations and requirements management - identifies gaps between current policies and controls and GLBA requirements
- Controls management (policy and awareness) - provides an auditable centralized repository for policies and controls, comprehensive templates for 'quick start' programs, and deployment and awareness tracking
- Audit management - provides audit point tracking and prep reporting capabilities for internal and external audit activities
- Vulnerability and incident management - provides a comprehensive vulnerability database, targeted alerting, and task management and status tracking
- Compliance management - supports online assessment and integrated audit point tracking for demonstrable compliance
Compliance Spectrum's Spectra automates key processes across the IT compliance
life cycle.