IT Examiner School, Seaside, CA
Most Common GLBA Examination Issues
• Information Security Program stale/outdated
• Risk assessment not updated at least annually
• Risk assessment is IT-centric and not enterprise-wide
• Inadequate Information Security Report to the Board (or a lack of reporting)
• Poor vendor oversight
• Lack of training
GLBA Summary
Key Guidelines for Reviewing GLBA/Required Information for the Annual Report:
• Determine the Involvement of the Board
• Evaluate the Risk Assessment Process
• Evaluate the adequacy of the Program to manage and control risk
• Assess the measures taken to oversee service providers
• Determine whether an effective process exists to adjust the Program
• Summarize and communicate findings