GLBA Compliance
The Gramm-Leach-Bliley Act (GLBA) requires financial services institutions to develop precautions to ensure the security and confidentiality of customer records and information, to protect against any anticipated threats or hazards to the security or integrity of such records, and to protect against unauthorized access to, or use of, such records or information that could result in substantial harm or inconvenience to any customer. Many financial institutions use the FFIEC (Federal Financial Institutions Examination Council) guidelines as a framework for complying with the IT security requirements of GLBA.

Complying with GLBA is challenging
Sustained compliance with these frameworks is a challenge when using manual methods: the cost of compliance is high, and individual items can easily be missed. If FFIEC assesses a company to be non-compliant with GLBA, it can be levied heavy fines. In addition, any potential security violation of consumer data is harmful to brand equity.
In order to comply with GLBA (and associated regulations such as the EU Data Protection Directive and SB1386), companies are taking a top-down, risk-based approach to ensure that all assets (including hardware, software, physical IT infrastructure, and IT processes) that contain consumer information comply with frameworks such as ISO17799 and FFIEC. The Agiliance IT-GRC platform enables organizations to comply with GLBA using the FFIEC and ISO27001/17799 frameworks.
Agiliance's Key Capabilities:
- Maintain a repository of all assets (hardware, software, physical IT infrastructure, IT processes) that contain relevant data. Asset information can either be imported from external systems or populated through asset discovery technology. The system supports a comprehensive asset data model to document relationships between assets, organizations, processes and people.
- Enable the organization to evaluate how critical an asset is to maintaining the integrity and confidentiality of relevant information, and then assess its overall risk.
- Maintain a library of controls based on FFIEC or ISO17799.
- Provide an infrastructure for assessing compliance with controls.
- Automate the process of distributing and collecting periodic surveys and self-assessments to evaluate compliance.
- Integrate with monitoring tools and compare asset configuration against controls and policies to identify non-compliance on a continuous basis.
- Report on asset compliance scores, both for status purposes and as evidence of compliance for internal and external auditors.
- Compute an asset's composite risk score based on multiple criteria, including the business impact of its impairment, its compliance with policies (including security policies), and its vulnerability based on external feeds. The risk score allows users to prioritize which non-compliant assets should be remediated first.
- Trigger the remediation process.
