<img alt="" src="https://secure.badb5refl.com/165368.png" style="display:none;">

Apptega Launches GLBA Framework to Coincide with Impending Updates

By Natalie Anderson on May 30, 2023

Subscribe to the Apptega blog

Apptega Launches GLBA Framework to Coincide with Impending Updates

May 30, 2023 | BY Natalie Anderson

For companies in the financial industry, or those that handle nonpublic personal information (NPI), the Gramm-Leach-Billey Act Safeguards (GLBA) should be at the forefront of their information security practices. Under the GLBA Safeguards, created and enforced by the Federal Trade Commission (FTC), financial institutions must establish comprehensive information security programs that encompass administrative, technical, and physical controls. These measures help ensure the confidentiality and integrity of customer data. 

But in such a highly regulated industry and amid an ongoing barrage of cyberattacks, the GLBA framework must be consistently evaluated and updated to ensure companies protect customer data against emerging threats. Because of this, on June 9, 2023, the GLBA Safeguard controls will be updated to require companies to have comprehensive infosec practices in place. 

Updated standards and evolving requirements can be stressful for MSPs and organizations in highly regulated industries, but worry not – Apptega recently launched the updated GLBA framework in our platform to ensure businesses have a clear view of the relevant controls and their progress toward compliance. 

Here’s what you need to know. 

Reaching Compliance 

The GLBA Safeguard framework applies to financial institutions in the United States, including all banks, security firms, insurance companies, mortgage lenders, financial advisors, universities, and other businesses that manage NPI and/or handle financial services.  

These institutions must consistently monitor and test their information security systems while quickly addressing any identified vulnerabilities or incidents, as non-compliance can lead to hefty fines, criminal charges, and even jail time. Companies must also have a well-defined incident response plan in place to effectively manage security breaches or unauthorized access to customer information. 

Within the GLBA framework, companies need to focus on three primary regulations: 

  1. The Financial Privacy Rule: This rule helps ensure transparency by requiring institutions to provide written information to customers regarding the collection, use, sharing, and protection of their information. It also empowers customers to restrict the sharing of their information with unaffiliated third parties.  
  2. The Safeguard Rule: This rule, on the other hand, mandates institutions to employ administrative, technical, and physical measures to protect the confidentiality, integrity, and security of retained nonpublic personal information.
  3. The Pretexting Rule: This emphasizes the need for financial institutions to proactively prevent pretexting, which involves fraudulent schemes to acquire consumer information. 

Upcoming Changes 

According to the FTC’s Safeguards Rule, all financial institutions must develop, deploy, and maintain a comprehensive security program guided by the GLBA framework to keep customer financial data safe. This means that the controls required by GLBA must reflect the latest necessary measures in data security and protection. The pending updates to the GLBA safeguard framework focus on three main objectives:  

  • They provide additional guidance for financial institutions to develop and implement an information security program. 
  • They exempt financial institutions that collect less customer information from specific requirements. 
  • They define various terms and provide examples to guide and help with implementation. 

Don’t Be Non-Compliant 

These changes must be rapidly implemented by all financial institutions to maintain compliance.  

Performing a gap assessment against the updated GLBA framework is the first step toward updated and comprehensive compliance. Financial institutions can leverage Apptega’s new GLBA framework to map their policies against the new controls and proactively address compliance gaps to strengthen their information security programs. 

With the constant evolution of cyber threats, the GLBA Safeguards play a vital role in protecting consumer information held by financial institutions. By staying ahead of upcoming changes, performing thorough assessments, and leveraging GRC tools such as Apptega, institutions can fortify their information security programs and ensure compliance with GLBA safeguards, thereby safeguarding the interests of both their customers and themselves. 

More Resources

GBQ Joins Apptega’s Growing Network of Firms Dedicated to Building World-Class Compliance Programs  

Today Apptega announces a partnership with GBQ Partners LLC (GBQ), a top 100 tax, accounting and consulting firm headquartered in Columbus, OH.

Learn More

Apptega Lands 39 Badges, including GRC Momentum Leader, in Fall G2 Reports

Apptega, the end-to-end GRC platform for forward-thinking IT and managed service providers, earned 39 high-performer and momentum leader badges in G2’s fall reports.

Learn More

Unlocking Value with the Insider Direct Model

By shifting the value from products to consultants, the insider direct model empowers cybersecurity professionals to deliver their expertise with an unwavering commitment to the protection and compliance of the customer.

Learn More

Subscribe to Our Cybersecurity Insights