What is a GLBA Compliance Assessment?
The Gramm-Leach-Bliley Act (GLBA) requires banks to have a security program in place to safeguard confidential information and, as part of this, to determine the general risk levels of their third parties. Based on that level of risk, banks are then required to perform additional GLBA compliance assessments to verify that the third party has appropriate controls in place so that data is protected and/or services are available. This often consists of a third-party or vendor management program that includes surveys and onsite assessments.
Why do this Information Security Program Assessment?
Security frameworks and regulatory standards, such as GLBA, require third-party risk management. Third-party management is crucial to ensure that data or services outsourced to organizations, which are often smaller and less diligent than the bank, are protected to the levels necessary. Otherwise, the bank is accepting risk through outsourcing that it should not accept.
How can SecureState help with your GLBA Compliance Assessment?
SecureState provides a full suite of risk assessment services that can be leveraged for third-party risk assessments, especially for GLBA compliance. Our VCO web-based survey engine has been reviewed by the OCC and can automate most of the program. It performs pre-surveys for the initial risk assessment, which are potentially followed by full surveys. The results of the surveys are tracked for gaps and remediation. As needed, SecureState can perform onsite information security program assessments using the bank security controls framework or an open framework such as the Shared Assessment Program developed by BITS.
Let SecureState run the necessary information security program assessments to maintain the proper GLBA compliance standards for your business. Contact us today.