Banking

Banking institutions understand that they must implement improved security controls not only to comply with specific regulations such as the Gramm-Leach-Bliley Act (GLBA), but also to protect customer information from breaches and assure the trust of their customers.

TraceSecurity’s solutions help banks meet specific regulatory challenges from GLBA, the Federal Financial Institutions Examination Council (FFIEC) and the enforcement agencies, including the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS). See the chart below for FFIEC-specific guidelines.

Screenshot: TraceSecurity Integrated Dashboard

| FFIEC Examination Handbook | TraceSecurity Solutions |
| --- | --- |
| Banks are required to perform a risk assessment that will be the basis for an Information Security Program. | Risk Assessment, Risk Manager |
| Based on the results of the risk assessment, banks are required to establish an Information Security Program that meets the requirements of the GLBA 501(b) guidelines. The Information Security Program should include policies and procedures that prevent unauthorized access to confidential data. | TracePolicy |
| The Information Security Program should provide employee training on the policies and procedures and on security awareness. | TraceTrain, Security Training |
| Banks are required to perform independent tests of the Information Security Program. | Security Assessment, IT Security Audit, Penetration Testing, Social Engineering |
| Ongoing self-assessments ensure that the Information Security Program is in compliance with applicable regulations, protects confidential information and meets examiner audits. Self-assessments can be performed with internal resources or a third-party provider. | TraceSecurity Compliance Manager, Risk Manager, IT Audit Manager, Security Assessment, IT Security Audit, Penetration Testing, Social Engineering |

The Gramm-Leach-Bliley Act (GLBA) data protection requirements mandate that financial institutions protect the security and confidentiality of customers' non-public personal information and institute appropriate administrative, technical, and physical safeguards to accomplish this. GLBA also requires covered institutions to protect against any anticipated threats or hazards to the security or integrity of customer records, and to protect against unauthorized access to or use of records or information that could result in substantial harm or inconvenience to any customer.

Many institutions that are not commonly thought of as financial in nature are covered by GLBA requirements, such as insurance companies, tax preparers, colleges and universities, financial planners and others.

In defining and implementing an information security program, covered institutions must develop a risk-based information security program that includes involvement of the board and senior management, a risk assessment of threats and vulnerabilities, effective risk management and controls, training, testing, vendor oversight, monitoring and adjusting, and board reporting.