IT/GLBA Audit & Assessment Services for Financial Institutions
A Beyond Secure IT/GLBA Audit and Network Assessment of your company’s information systems will help you comply with regulatory guidance, the Gramm-Leach-Bliley Act (GLBA), and industry best practices.
An IT/GLBA Audit and Assessment includes an analysis of your existing information technology infrastructure, compliance with the Gramm-Leach-Bliley Act, policies and procedures, and security controls. Our Audits and Assessments include the following fourteen areas:
- Audit processes and procedures
- Management and operations
- Vendor management
- Information Security Program
- Development and acquisition
- Support and delivery
- Information technology infrastructure (including virtualization if applicable)
- Data and physical security
- Wire/ACH Technical Controls
- Disaster Recovery Planning/Business Continuity Planning
- Identity Theft Prevention Program
- Remote Deposit Capture
- Unlawful Internet Gambling Enforcement Act (UIGEA)
In addition, we can customize the audit engagement to fit your needs. In some cases, we are asked to narrow the scope of the engagement to one of the following types of audits:
- Cybersecurity Assessment/IT Security Review
- GLBA Audit
- IT General Controls Audit
- Network Vulnerability Assessment
- Virtualization Audit
According to the FFIEC IT Examination Handbook, “The frequency of testing should be determined by the institution’s risk assessment. High-risk systems should be subject to an independent diagnostic test at least once a year.”
While Beyond Secure, Inc. has conducted audits and network assessments for companies in many industries, our specialization is financial institutions (banks, brokers, investment advisors, trust companies, family offices, and other SEC-, FINRA- or PCI-regulated companies). Our audits are based on regulations and guidance from the following:
- Federal Financial Institutions Examination Council (FFIEC)
- Federal Deposit Insurance Corporation (FDIC)
- Office of the Comptroller of the Currency (OCC)
- Federal Reserve (FRB)
- Control Objectives for Information and related Technology (COBIT) from ISACA
- Industry Best Practices (typically compiled from our relationships with Microsoft, Cisco, VMware, Citrix, Sophos, etc.)
- Critical Security Controls for Effective Cyber Defense (Council on CyberSecurity)
Why Beyond Secure, Inc.?
Knowledge and Expertise:
- BSI has conducted more than 2500 different IT-related audit engagements since 2001.
- The BSI staff has hundreds of years of accumulated information technology, network, and security experience.
- Beyond Secure’s security experts hold numerous security certifications, such as CISSP, SSCP, CISM, CISA, and other Microsoft, Sophos and Cisco security specializations.
- BSI maintains a staff of multiple network engineers.
The BSI Difference:
- BSI provides easy-to-read reports with findings sorted by associated risk and estimated cost.
- Reports include regulatory reference, remediation recommendations, and a detailed review with a BSI security expert.
BSI Audit Experience:
- FFIEC Information Technology Examination Booklets
- Gramm-Leach-Bliley Act Standards for Safeguarding Customer Information
- Information Systems Audit and Control Association (ISACA) guidelines
- Established security frameworks
- PCI Cardholder Data Compliance Remediation Programs