GLBA / FFIEC Compliance
Turn GLBA Disparities into Measurable FFIEC Controls
GLBA (Gramm-Leach-Bliley Act) regulations require organizations engaged in financial activities to develop, implement, and maintain safeguards to protect the security, integrity, and confidentiality of customers' non-public personal information (NPI). To ensure compliance with GLBA, financial organizations must implement a thorough and ongoing risk assessment process.
The Federal Financial Institutions Examination Council (FFIEC) supports this mission by providing extensive, evolving guidelines for compliance. The FFIEC is charged with providing specific guidelines for evaluating institutions for GLBA compliance.
Rsam for GLBA Compliance
Rsam is a web-based, cost-effective software solution that makes even the most challenging enterprise GLBA compliance assessments manageable. Rsam comes with a pre-defined template that translates disparate aspects of GLBA, converting them into measurable controls for business lines, departments, applications, service providers, and other logical groupings as outlined by FFIEC. With Rsam, organizations can:
- Choose from Rsam's library of controls cross-referenced with the GLBA Safeguards Rule, NIST and ISO
- Track responses, progress, user activity, & manage all aspects of the assessment process using administrative dashboards, questionnaire cycles, user roles, & data management interfaces
- Improve assessment accuracy & efficiency with fact-based data gathering & relational reporting
- Incorporate Third Party Service Provider / Vendor Risk into the risk assessment process
- Identify control gaps & manage enterprise-wide remediation efforts
- Create actionable & relevant reports to keep all levels of the organization informed
- Extensive Library of Controls – Choose from Rsam's library of controls cross-referenced with the GLBA Safeguards Rule, NIST and ISO, TSP control & criticality, or leverage the BITS Shared Assessments SIG via Rsam as outlined by FFIEC.
- Workflow to Mirror Any Existing Assessment Process – Dynamic workflow bends to meet your most complex processes – not vice-versa. Map virtually every aspect of current workflow processes into Rsam. Upon completion, the process can automatically be passed to other users for review or additional input.
- Create Compliance Gaps Repository for Centralized Remediation – Create a central repository of manageable data/non-compliant findings from scanners, surveys, auditors, etc. Develop and prioritize remediation strategies and action plans to manage unlimited remediation initiatives across the enterprise.
- Deliver Real-time, Actionable Reporting – Rsam's 50+ out-of-the-box roll-up/drill-down reports deliver actionable information to key stakeholders. Organizations can also launch their own custom reports, in Microsoft SSRS and/or Crystal Reports, directly from Rsam. All data entered into Rsam is immediately available to Rsam's analytic engines, reporting structures, and dashboards within the application, giving end users access to real-time data.