GLBA Assessment

The Gramm-Leach-Bliley Act (GLBA)

GLBA is also known as the Financial Modernization Act of 1999. It is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information.

GLBA Introduction

  • Why is it so important NOW, and WHY do we need to do anything?
  • Federal Student Aid (FSA) is refocusing on the GLBA Safeguards Rule requirement, and
    starting to enforce compliance (Educause, 2016).
  • Schools without GLBA safeguards may be found administratively incapable (unable to properly administer Title IV funds). (Dept. of Higher Education, 2017).
  • The GLBA information security program isn’t a new rule. It has been in place since May 23, 2003 (NACUBO, 2003).

Important Aspects of a GLBA Compliance Assessment

  • Designate an employee to implement an information security program.
  • Identify, assess, and evaluate risk (i.e., perform a risk assessment).
  • Implement safeguards for risk mitigation.
  • Manage third-party vendors for security compliance.

What Does GLBA Compliance Assessment from OculusIT Cover?

  • First, appointing a team member for the information security program.
  • Second, performing a risk assessment, required for the Fiscal Year 2021 audits (Educause, 2017) (NACUBO, 2016).
  • A risk-based approach to implementing controls is the most cost-effective method (ISACA, 2015).
  • Vulnerability assessments alone are not enough to fulfill the requirement, because they assess only one aspect of risk.
  • Third, following the recommendations in the risk assessment.
  • Performing risk assessments annually. New system implementations should also trigger a new risk assessment to be performed (ISACA, 2015).

How do we comply with the GLBA Safeguards Rule?

  • Third-party objective assessment and a comprehensive report of the state of GLBA compliance at the organization
  • Identification of non-compliant areas and understanding of what actions are needed to comply with GLBA Safeguards and Privacy Rules
  • Uncovering opportunities to minimize operational, fraud, reputation, compliance, and technology risks
  • Reduction of the cost, confusion, and complexity of GLBA compliance