The official designation of the Gramm-Leach-Bliley Act (GLBA) is the Financial Modernization Act of 1999. It has three parts:

•  Financial Privacy Rule: The Financial Privacy Rule governs the collection and disclosure of a consumer's financial information, and it affects the institutions that receive that information. For more information about the Privacy Rule, see In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act.

•  Safeguards Rule: The Safeguards Rule governs the protection of the consumer's financial information. It applies both to the institution that collects the information and to the institutions that receive it.

•  Pretexting Provisions: The Pretexting Provisions protect the consumer from individuals or companies that obtain consumer information under false pretenses, a practice known as pretexting.

Financial Institutions

The first two parts apply only to financial institutions; however, the GLBA's definition of "financial institution" is very broad.

Financial institutions include banks, securities firms, insurance companies, and non-bank companies that lend, broker and/or service any type of consumer loan, transfer or safeguard money, prepare individual tax returns, provide financial advice or credit counseling, provide residential real estate settlement services, collect consumer debts, and/or provide a myriad of other services to consumers.

The Requirements

Financial institutions are required to develop and document an information security program that specifies exactly how consumer data are protected. The plan must be approved by the Board of Directors, which is also required to oversee the implementation of the program. The plan must include the following:

  • Risk assessment: Identify all threats to the consumer data, determine the likelihood of each threat and its damage potential, and assess the extent to which current policies, plans and procedures address those threats.
  • Manage and control risks: Develop appropriate security measures to thwart the identified threats.
  • Service provider oversight: Oversee and monitor the technology and performance of external vendors and service providers.
  • Employee training: All employees must be trained to carry out the security protocols that protect the information.

AAXIS Role

AAXIS Group can assist organizations, having implemented GLBA provisions in a number of Fortune 100 companies. AAXIS Group can:

  • Provide a safeguarding methodology for Non-Public Personal Information (NPI) by applying proven, GLBA-compliant rules
  • Provide technology to prevent misuse of NPI data
  • Provide effective SDLC processes, in combination with SOX compliance rules, to prevent human errors
  • Provide effective monitoring and auditing capabilities for ongoing safeguarding of NPI data

Copyright © 2005. AAXIS Group Corporation. All rights reserved.