Gramm-Leach-Bliley Act (GLBA) Departmental Risk Assessment

Securing Client Information at Financial Institutions

The Sage Gramm-Leach-Bliley Act (GLBA) compliance assessment evaluates to what extent your organization is compliant with federal GLBA regulations, a set of rules designed to ensure that you are handling and protecting your clients’ Non-public Personal Information (NPPI) properly.

The Sage Methodology

The goal of a Sage GLBA Risk Assessment is to ensure that the risks to GLBA-protected data and corresponding systems are recognized and properly managed. The outcome of the assessment should be used as a basis for risk management decisions and strategic planning. The objectives of a risk assessment are to identify and document the threats, controls, and residual risk level of associated critical information systems and supporting infrastructure.

Our GLBA assessment will:

  • Document data stores (both digital and paper).
  • Identify internal controls.
  • Determine the effective residual risk to customer information stored, processed and transmitted by your institution.
  • Provide risk reduction and/or security enhancement recommendations.

Reports and Recommendations

An Executive Synopsis will provide a composite view of the risk level (including GLBA compliance). Supporting the Synopsis will be reports and recommendations.

The scope includes:

  • Physical documents containing NPPI that are stored, processed, or transmitted.
  • Digital documents containing NPPI that are stored, processed, or transmitted.
  • Supporting infrastructure: in-house and Internet-based applications and systems that are managed by your institution.
  • Third parties that have access to physical documents, digital documents or supporting infrastructure.


The Sage Cybersecurity Lifecycle


Cybersecurity isn’t a destination.

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that complement and reinforce one another.
