PROACTIVE RISK

GRAY BEARD BLOG

SHARING RANDOM THOUGHTS ON TECH

GLBA for CPAs and accountants

1/3/2023

The Gramm-Leach-Bliley Act (GLBA) is a federal law that requires financial institutions to protect the privacy and security of their customers' nonpublic personal information (NPI). Under the FTC's Safeguards Rule (16 CFR Part 314) the term "financial institution" reaches well beyond banks: accounting firms, CPAs and tax preparers are covered because tax preparation and similar services count as financial activities. The Safeguards Rule spells out what a written information security program must contain. Here are the steps an accounting or CPA practice can take to comply:
  1. Conduct a risk assessment: Start by identifying where customer NPI is collected, stored and transmitted (tax software, file shares, e-mail, client portals, paper files), then identify the internal and external threats to it and how well existing controls address them. Write the assessment down: it is the basis for every safeguard that follows, and the Rule requires a written assessment from firms that hold information on 5,000 or more consumers.
  2. Implement administrative, technical and physical safeguards: The Rule requires safeguards in all three categories. Administrative safeguards include written policies and procedures for handling NPI, an incident response plan and employee training. Technical safeguards include firewalls, intrusion detection, logging, encryption of customer information both in transit and at rest, and multi-factor authentication for anyone who accesses customer information. Physical safeguards include locked storage for paper records and secure disposal of NPI (shredding paper, wiping or destroying media) once it is no longer needed.
  3. Limit access to NPI: Only employees who need NPI to perform their job duties should be able to reach it. Role-based access controls restrict access based on an employee's role, and the Rule expects those controls to be reviewed periodically: remove access promptly when someone changes roles or leaves the firm.
  4. Train employees: Employees must understand why customer NPI matters and how to protect it, including how to recognize phishing, which is the most common way a small firm's client data is stolen. Training should be repeated on a regular basis, cover the firm's own policies and procedures, and be refreshed as threats change.
  5. Review and update policies and procedures: Policies and procedures for protecting NPI should be reviewed regularly, and adjusted whenever testing reveals a weakness or the business changes (new software, new office, new service line), so that they continue to meet the Safeguards Rule.
  6. Conduct regular testing and audits: Regular testing identifies vulnerabilities in the firm's systems and processes and shows whether the safeguards in place actually work. For firms not covered by the small-firm exemption, the Rule specifies either continuous monitoring or an annual penetration test plus vulnerability assessments at least every six months.
  7. Maintain records of compliance: Keep the written information security program, the written risk assessment, training records and test results, and designate a qualified individual responsible for overseeing the program. Larger firms must also have that individual report in writing to the board or senior management at least annually.
By following these steps, accounting and CPA businesses can meet the Safeguards Rule and protect the privacy of their customers' nonpublic personal information. Compliance is an ongoing process rather than a one-time project: policies, procedures and technical controls must be revisited as the firm and the threats to it change. Note that most of the new provisions in the amended Safeguards Rule take effect on June 9, 2023.
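Step 1 is the part most firms skip: before you can assess risk you have to know where NPI actually lives. The script below is an added example (not from the original post, and not a Proactive Risk tool) of the kind of quick data-discovery sweep an assessor runs against a file share to find files that appear to contain Social Security numbers. The directory layout, file names and contents are constructed here for the demonstration; the plausibility rules (area 000, 666 and 900-999, group 00 and serial 0000 are never issued) follow the Social Security Administration's published numbering scheme.

```python
"""Find files on a share that appear to hold customer NPI (US Social Security
numbers) so they can be inventoried in a GLBA risk assessment.

Added example, not part of the original post. The sample share it scans is
constructed in build_sample_share() purely for demonstration.
"""
import re
import tempfile
from pathlib import Path

# Candidate SSN: 3-2-4 digits, optionally separated by '-' or ' ', and not
# embedded in a longer run of digits (so account numbers are not flagged).
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values the SSA never issues: area 000, 666 or 900-999,
    group 00 and serial 0000. Cuts most phone/fax/test-number false positives."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def scan_text(text: str) -> list[str]:
    """Return the plausible SSNs found in a piece of text, normalised to NNN-NN-NNNN."""
    return [f"{a}-{g}-{s}" for a, g, s in SSN_RE.findall(text) if is_plausible_ssn(a, g, s)]


def scan_tree(root: Path, extensions=(".txt", ".csv", ".md", ".log")) -> dict[str, int]:
    """Walk a directory and return {relative_path: number_of_plausible_ssns}
    for every text-like file that contains at least one hit."""
    findings: dict[str, int] = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in extensions:
            continue
        try:
            text = path.read_text(errors="ignore")  # binary junk is skipped, not fatal
        except OSError:
            continue  # unreadable file: note it in a real assessment, keep scanning
        hits = scan_text(text)
        if hits:
            findings[path.relative_to(root).as_posix()] = len(hits)
    return findings


def build_sample_share() -> Path:
    """Constructed sample share (assumption: a small CPA firm's file server).
    Only 2022_returns.csv holds real-looking SSNs; notes.txt holds look-alikes."""
    root = Path(tempfile.mkdtemp(prefix="npi_demo_"))
    (root / "clients").mkdir()
    (root / "clients" / "2022_returns.csv").write_text(
        "name,ssn\nA. Client,219-09-9999\nB. Client,078051120\n"
    )
    (root / "clients" / "notes.txt").write_text(
        "Call re: invoice 123-45-678901, fax 999-99-9999 (test only)\n"
    )
    (root / "memo.md").write_text("Office picnic Friday. No client data here.\n")
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for rel_path, count in sorted(scan_tree(share).items()):
        print(f"{count:4d} possible SSN(s)  {rel_path}")
```

Run it against a real share by replacing build_sample_share() with the mount point, and treat the output as a starting inventory: every file it lists is NPI that must be covered by the access, encryption and disposal safeguards in steps 2 and 3. A pattern scan of this kind finds plain-text NPI only; encrypted archives, images of scanned documents and data inside tax software databases need their own inventory.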

    Tom Brennan

    This is my blog, there are many like it but this one is mine. Enjoy.



Contact Info

Proactive Risk Inc.
Tel: +1 (973) 298-1160
Web: www.proactiverisk.com
eMail: sales(at)proactiverisk.com

© COPYRIGHT 2023. ALL RIGHTS RESERVED.