Security Workplace GLBA Assessment

GLBA ASSESSMENT



GLBA compliance is the law. Protecting your and your clients' confidential financial information is the highest priority. To assure GLBA compliance, you need an expert who understands what to look for and how to implement a comprehensive risk management plan in your enterprise.

The Security Workplace GLBA Assessment service reviews the status of your organizational and technical security. This comprehensive review allows you to understand the implications of U.S. Federal regulations and how to make sure you're in compliance. Our expertise covers all the critical security components of GLBA.

The Security Workplace Approach, the Security Workplace Difference:

    • Provide a high-level review of your organization's current security policies, practices and controls for protecting confidential customer financial information.
    • Review current Internet security provisions as they relate to customer data.
    • Discover major GLBA compliance issues in areas requiring further investigation.
    • Develop a customized strategy and remediation plan.
    • Present our findings and recommendations to the executive and technical audiences of your organization.

    Expertise You Can Count On

    GLBA's safeguarding standards clearly require financial institutions to assess and evaluate threats or vulnerabilities to their customer information from both external and internal sources. Specifically, the standards state that each financial institution must:

    • Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;
    • Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and
    • Evaluate the sufficiency of policies, procedures, customer information systems, and other arrangements in place to control risk.

    The examination procedures specifically address the risk assessment process. The procedures focus on such questions as:

    •  Has the institution used personnel with sufficient expertise to assess risks?

    •  Does the institution identify and rank its information assets?

    •  Did the evaluation process include the review of administrative, physical, and technical safeguards to mitigate risk?

    •  Does the process include the evaluation of risk to the entire customer information system?

    •  Does the institution use its test results to support its assessment of the adequacy and effectiveness?

    •  Does the institution promptly act to mitigate identified material risks?