As part of the implementation of the Gramm-Leach-Bliley Act (GLBA), the Federal Trade Commission issued the Safeguards and Privacy Rules, which require financial institutions to design, implement and maintain an information security program to protect the privacy and integrity of nonpublic customer information. Through administrative, technical and physical safeguards, GLBA programs must perform the following:

  • Ensure the security and confidentiality of customer records and information
  • Protect against any anticipated threats or hazards to the security or integrity of customer records
  • Protect against unauthorized access to or use of customer records or information, which could result in substantial harm or inconvenience to the customer


Passing a GLBA risk assessment means that organizations can demonstrate the presence of required security controls and privacy procedures. DirectDefense assists customers in identifying gaps between their current compliance program and the GLBA guidelines. Our GLBA services include:

  • GLBA Safeguards Rule Gap Assessment
    • Utilizes the FFIEC Information Technology Examination Handbook as a reference
  • GLBA Privacy Rule Review
  • Security Testing
  • Developing Required Documentation
    • Information Security Plan
    • Risk Management Program
    • Applicable Policies and Procedures