GLBA Assessments, Compliance & Consulting

Our expert assessors help ensure your organization is taking the necessary steps to safeguard sensitive data and comply with the Gramm-Leach-Bliley Act (GLBA).

The main focus of the GLBA is to expand and tighten consumer data privacy safeguards and restrictions. For IT professionals and financial institutions, the primary GLBA concern is securing customers' private and financial information and ensuring its confidentiality. Maintaining GLBA compliance is critical for any financial institution, as violations can be both costly and detrimental to continued operations.

Our team has worked with clients on emerging laws and regulations restricting the use and disclosure of personal financial information at virtually all levels: in the legislative arena, the rule making process, and the implementation of company privacy and security policies and practices.

If you provide financial products or services to consumers, you need to comply with the GLBA. We've put together this GLBA compliance checklist to help you meet the regulatory requirements.


GLBA Compliance Service

While fraud has always been a challenge in the finance industry, the GLBA highlighted these challenges and put forward a modernized approach for addressing them. Today that means fewer consumers falling victim to fraudsters.


The Safeguards Rule requires a financial institution to:

Designate one or more employees to coordinate an information security program.
Identify and assess the risks to customer information in each relevant area of the company's operation, and evaluate the effectiveness of the current safeguards for controlling these risks.
Design and implement a safeguards program, and regularly monitor and test it.
Select service providers that can maintain appropriate safeguards, make sure your contract requires them to maintain safeguards, and oversee their handling of customer information.
Evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business or operations, or the results of security testing and monitoring.


The Bureau of Consumer Protection recommends a number of practices to ensure the privacy of customer financial data and maintain GLBA compliance. These include running thorough background checks on all potential employees and giving access to sensitive data only to those who need it, when they need it. All passwords should be complex and changed frequently, and should not be stored on physical media, digital or otherwise.

Encryption is another important aspect of protecting the security of financial data. When data is encrypted, it cannot be read without the key to decrypt it. Not only does this prevent prying eyes from snooping on your clients' information, it also protects your business should that same data fall into the wrong hands: under GLBA you would still have to report the breach to your customers, but you would be able to assure them that their data remains protected by encryption.

Our security and risk consultation services help support your GLBA and FFIEC compliance efforts by performing analyses to determine the appropriate controls to protect information based on your organizational risk.

GLBA Compliance

Fulfill GLBA Requirements

Gramm-Leach-Bliley Act (GLBA) Assessment

GLBA Risk Assessment

Assess your current level of compliance with GLBA, identify gaps in controls, and identify the key work areas that your organization must address to achieve and/or maintain compliance with the regulation.

GLBA Audit

Our experienced, certified IT Auditors will examine your IT controls mapped against GLBA requirements, obtain evidence to determine whether the controls are operating effectively to achieve your organization's objectives and satisfy regulatory requirements, and provide an audit attestation along with remediation strategies. A deeper-dive assessment than the GLBA Risk Assessment, the GLBA Audit includes evidence sampling.

GLBA Advisory Services

We work with your organization and tailor our project to your specific needs: addressing any concerns you have related to GLBA, assisting in the implementation and updating of policies and procedures, or assessing the GLBA-related risk your third-party providers pose.

Let Compass IT Compliance assist your organization in assessing any risks present through our GLBA services, so you can secure your customer data environment, comply with regulatory requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.

Gramm-Leach-Bliley Act (GLBA)

GLBA applies to companies that provide financial products or services to consumers. This includes banks, mortgage brokers, insurance firms, real estate appraisers, tax preparation businesses, check-cashing businesses, accountants, ATM operators, and others.


GLBA Compliance Requirements

The Financial Privacy Rule:

The first item on your GLBA compliance checklist should be the Financial Privacy Rule. The point of this regulation is that you provide appropriate notices of your privacy policies and practices to consumers, defined as individuals using your product or service for personal purposes. You'll also need to offer consumers the option to opt out of having their nonpublic personal information (NPI) disclosed to non-affiliated third parties.

The Safeguards Rule:

This regulation is why GLBA compliance and cybersecurity are often mentioned together. The Safeguards Rule requires applicable financial institutions to implement policies for securing customer information — customers are defined as individuals who maintain a relationship with your organization. As part of this GLBA compliance requirement, you'll need to ensure your affiliates and service providers maintain an NPI protection plan.

The Pretexting Provisions:

Another GLBA standard that involves cybersecurity is the Pretexting Provisions, which direct financial institutions to develop safeguards against pretexting, also known as social engineering. To comply with this regulation, organizations often develop a written plan for monitoring account activity, as well as training for staff who might otherwise provide NPI to a fraudulent party.

Attain GLBA Compliance

If you're required to comply with this FTC standard, a critical item on your GLBA compliance checklist will be your cybersecurity. Because of the Safeguards Rule and the Pretexting Provisions, you'll need a cybersecurity solution that provides comprehensive monitoring, event logging and log management, as well as an infrastructure that is compliant with GLBA.

At InfosecMates, we provide a secure, cloud-based solution for GLBA compliance. We can generate GLBA-compliant reports with ease, and monitor and remediate customer accounts and malicious activity around the clock, ensuring your organization delivers reliable service to your customers and consumers.

GLBA compliance and consulting services

Readiness Assessments and Gap Analysis services:

An important component of GLBA compliance is knowing what "compliance" actually means: specifically, which systems and supporting resources are in scope, which personnel are involved, and many other critical areas that must be identified and understood.

Policy and Procedure development:

If you've been identified as a "financial institution" or a related party for purposes of GLBA compliance, then you'll need a trusted source to help develop a comprehensive set of policy and procedure documents.

Implementation of GLBA practices:

A GLBA Readiness Assessment and Gap Analysis, while beneficial, merely identifies strengths and weaknesses within one's compliance platform. As such, organizations should shortly thereafter implement all necessary practices for ensuring compliance with the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Provisions. We can assist in these measures by developing a highly customized GLBA compliance roadmap.

GLBA Compliance Services

InfosecMates can perform a risk assessment of your organization's GLBA program against the interagency guidelines that establish information disclosure and safeguarding standards for nonpublic personal information. A Compass GLBA risk assessment will evaluate the following areas:

Notice Requirements
Opt-Out Provisions
Board Involvement
Risk Assessment
Risk Management and Controls
Service Provider Oversight
Program Adjustment
Implementation of Standards