GLBA Security Program

Tackling the information security mandates of the Gramm-Leach-Bliley Act (GLBA) can be a challenge for a community bank of any size. The core issue for compliance is building a GLBA Security Program.

The heart of this program is a series of short policies that outline and define risk areas that each bank’s management and board of directors must develop, implement, and monitor. In our view, to be compliant with GLBA, a bank must develop a GLBA Security Program that touches on nine different areas. Bank management needs to create:

1. A departmental risk assessment policy
2. A bank-wide vendor management policy
3. An I.T. security policy
4. An acceptable use / confidentiality policy (signed by users)
5. A document and media retention policy
6. A business continuity and disaster recovery plan supported by business impact analysis worksheets
7. An employee security training policy
8. An internal and external I.T. audit policy (which should include the I.T. penetration test that most people associate with GLBA)
9. An incident response program

These elements will allow more efficient technology and security compliance management. For more details, call today!
