IT Examiner School eBook
Institution Name: Click here to enter institution name Cert# Click here to enter cert number
Information Technology Risk Examination
Preparer: Click here to enter preparer name Start Date: Click here to select a start date.
Information Security Standards
Workpaper
INTERAGENCY GUIDELINES ESTABLISHING INFORMATION SECURITY STANDARDS
The Interagency Guidelines Establishing Information Security Standards (Information Security Standards) set forth standards pursuant to section 501(b) of the Gramm-Leach-Bliley Act (GLBA). These Information Security Standards address developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information. They also address the proper disposal of consumer information pursuant to sections 621 and 628 of the Fair Credit Reporting Act.
The Information Security Standards are set forth in:
FDIC - Rules & Regulations Part 364, Appendix B
Federal Reserve - Regulation H, Appendix D-2
Information security principles and standards, contained within the Information Security Standards, are interspersed throughout all areas of the information technology examination modules. Examination procedures that are applicable to the Information Security Standards are marked with this GLBA icon. The Information Security Standards compliance comment contained in this workpaper should be a concise summary of the findings noted during the evaluation of the GLBA-related factors and procedures contained in the Core Modules.
Note: Each requirement contained in the Information Security Standards is tied to the examination procedure most applicable to that requirement. However, examiners should recognize that additional procedures may also tie to each Guideline requirement.
Summary Comment – GLBA Information Security Standards (Comment should be included in the Report of Examination)
IS.1. After completing the GLBA-related examination procedures contained in the Core Modules, summarize the institution’s compliance with the Interagency Guidelines Establishing Information Security Standards.
Click here to enter comment
Strong ☐
Satisfactory ☐
Less than satisfactory ☐
Deficient ☐
Critically deficient ☐