Apptega Launches GLBA Framework to Coincide with Impending Updates

Apptega
May 30, 2023

For companies in the financial industry, or those that handle nonpublic personal information (NPI), the Gramm-Leach-Bliley Act (GLBA) Safeguards should be at the forefront of their information security practices. Under the GLBA Safeguards, created and enforced by the Federal Trade Commission (FTC), financial institutions must establish comprehensive information security programs that encompass administrative, technical, and physical controls. These measures help ensure the confidentiality and integrity of customer data.

But in such a highly regulated industry, and amid an ongoing barrage of cyberattacks, the GLBA framework must be consistently evaluated and updated so that companies protect customer data against emerging threats. For this reason, on June 9, 2023, the GLBA Safeguards controls will be updated to require companies to have comprehensive information security practices in place.

Updated standards and evolving requirements can be stressful for MSPs and organizations in highly regulated industries, but worry not – Apptega recently launched the updated GLBA framework in our platform to ensure businesses have a clear view of the relevant controls and their progress toward compliance. 

Here’s what you need to know. 

Reaching Compliance 

The GLBA Safeguards framework applies to financial institutions in the United States, including banks, securities firms, insurance companies, mortgage lenders, financial advisors, universities, and other businesses that manage NPI and/or provide financial services.

These institutions must consistently monitor and test their information security systems while quickly addressing any identified vulnerabilities or incidents, as non-compliance can lead to hefty fines, criminal charges, and even jail time. Companies must also have a well-defined incident response plan in place to effectively manage security breaches or unauthorized access to customer information. 

Within the GLBA framework, companies need to focus on three primary regulations: 

  1. The Financial Privacy Rule: This rule helps ensure transparency by requiring institutions to provide customers with written information about how their data is collected, used, shared, and protected. It also empowers customers to restrict the sharing of their information with unaffiliated third parties.
  2. The Safeguards Rule: This rule requires institutions to employ administrative, technical, and physical measures to protect the confidentiality, integrity, and security of the nonpublic personal information they retain.
  3. The Pretexting Rule: This rule requires financial institutions to proactively prevent pretexting, the use of fraudulent schemes to obtain consumer information.

Upcoming Changes 

According to the FTC’s Safeguards Rule, all financial institutions must develop, deploy, and maintain a comprehensive security program guided by the GLBA framework to keep customer financial data safe. This means that the controls required by GLBA must reflect the latest necessary measures in data security and protection. The pending updates to the GLBA Safeguards framework focus on three main objectives:

  • They provide additional guidance for financial institutions on developing and implementing an information security program.
  • They exempt financial institutions that collect less customer information from certain requirements.
  • They define various terms and provide examples to guide implementation.

Don’t Be Non-Compliant 

These changes must be rapidly implemented by all financial institutions to maintain compliance.  

Performing a gap assessment against the updated GLBA framework is the first step toward comprehensive compliance with the new requirements. Financial institutions can use Apptega’s new GLBA framework to map their policies against the new controls and proactively address compliance gaps, strengthening their information security programs.

With the constant evolution of cyber threats, the GLBA Safeguards play a vital role in protecting consumer information held by financial institutions. By staying ahead of upcoming changes, performing thorough assessments, and leveraging GRC tools such as Apptega, institutions can fortify their information security programs and ensure compliance with GLBA safeguards, thereby safeguarding the interests of both their customers and themselves.