
GLBA Compliance Bundle

The GLBA Compliance Bundle is designed to provide all the documentation and cybersecurity activities required by credit unions to meet the standards set by the Gramm-Leach-Bliley Act as defined in the NCUA 12 CFR 748 Appendix A. This engagement includes the creation of documentation in year one, with annual refreshes thereafter to ensure ongoing alignment with credit union operations.

  

  • Description and process

    • Information Security Risk Assessment

      • Follow the NIST Risk Assessment framework to help credit unions measure their IT risk across the organization.

      • Inventory all technology assets including network infrastructure, systems, services, and applications.

      • Evaluate the effectiveness of controls versus the threats that exist.

      • Provide the credit union with a quantitative measure of residual risk for each asset.

      • Offer recommendations to improve controls where applicable.

 

  • Documented Information Security Program and applicable Policies

    • Design your institution’s information security framework.

    • Include all key areas including authentication, access control, encryption, change management, etc.

    • Develop policies and procedures to ensure technology execution happens within industry standards.

 

  • Incident Response Plan

    • Incident Response Plan creation (with high-level testing playbook and schedule).

    • Includes an annual Incident Response Tabletop Exercise.

 

  • Business Continuity Plan/BIA

    • Business Continuity Plan creation (with high-level testing playbook and schedule).

    • Conduct a high-level Business Impact Analysis using a top-down approach with report provided.

 

  • Annual Report for the Board

    • Board-level presentation that demonstrates the institution’s information security posture. It includes audit and examination results and response, as well as incident and business continuity testing and events, and provides a recap of the year’s key information security objectives and the coming year’s goals.

 

 As a value-added bonus, IT audit and exam preparation is also provided to ensure readiness for the event, along with professional assistance in the management response. This is the most highly requested service and for good reason. Contact us today to learn how the GLBA Compliance Bundle can help your credit union.

 

Contact us today to learn more about the GLBA Compliance Bundle and to request a proposal with statement of work, customized to the specific needs of your credit union operations. Put our experience to work for you!


© 2025 Strategic Technology Advisors  |  A CUSO Serving Credit Unions

Our experience is your asset.
