Follow this checklist to implement your GLBA conformance process.
Contact us to receive additional guidance on HIPAA, PCI, SOX & SSAE16 technology compliance.
Jon Bowling, President
I. Assign GLBA Compliance Officer.
- This person should be familiar with all aspects of office operations and, if possible, have a rudimentary understanding of technology.
- Duties will include…
- Developing office policies and procedures
- Implementing office policies and procedures
- Training of Staff members
- Training of new staff members
- Securing and managing Vendors to ensure technological compliance with the GLBA
- Periodic review of policies and procedures
- Development and management of Customer Notices
- Implementation and management of Business Continuity Agreements with Vendors
II. Office Policies and Procedures
- These Policies and Procedures are to be used in all everyday activities throughout the offices.
- These Policies and Procedures are to ensure that our customers’ private and confidential Information is not compromised in any way as per the guidelines and rules set forth in the Gramm-Leach-Bliley Act.
- Office Procedures:
- New Customer on-boarding.
- Customer is to be escorted to a designated conference room.
- Customer is to be provided a Privacy Compliance Notice.
- Customer is to complete the On-Boarding Documentation with the assistance of a staff member.
- Ensure that all customer information is removed from the conference room when the On-Boarding process is complete.
- Daily procedures:
- Ensure all customer files remain in the security of the employee office.
- Ensure all files not being worked are placed inside a file cabinet or desk drawer.
- Ensure that Customer files are not left unattended while they are being scanned. Employees should remain at the scanner to ensure the security of files during the process.
- Ensure that computer monitors cannot be viewed by a “passer-by” of the employee office.
- Ensure that all visitors are escorted at all times during their visit and kept out of employee offices unless their duties require entry. In the event entry is necessary, all customer files and information are to be stored securely in a file cabinet or desk drawer.
- Ensure all employees close their office door when leaving their office. If any “in-work” customer files are open, the employee must lock the door when leaving.
III. Electronic Data Policies and Procedures.
- Ensure that all employees have secure passwords for accessing their computers and programs containing Confidential Customer Information.
- Ensure that each employee's password meets at least the following minimum recommended criteria:
- Minimum Seven Characters
- Must contain at least three of the following
- UPPER CASE
- Lower Case
- Numeric value (1234, etc.)
- Special character (!@#$, etc.)
- Ensure that all employees have a timed screen saver of 10 minutes or less with password protection.
- Ensure that employees do not share usernames and passwords with anyone. (This is a violation of the CFAA (Computer Fraud and Abuse Act).)
- Ensure that employees do not write their passwords on paper and leave them in close proximity to their computer, whether the password is for their system or for programs that contain Confidential Customer Information.
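
The password criteria in Section III, written as a check that can run when a password is set or changed. This is an added example, not part of the original checklist; the function names, the failure codes, and the reading of "special" as any printable character that is neither a letter, a digit, nor whitespace are assumptions.

```python
import string
from dataclasses import dataclass

MIN_LENGTH = 7    # checklist: "Minimum Seven Characters"
MIN_CLASSES = 3   # checklist: "at least three of the following"


@dataclass
class PolicyResult:
    compliant: bool
    classes: list    # character classes found in the password
    failures: list   # codes for each criterion that was not met


def character_classes(password):
    """Return which of the checklist's four character classes are present."""
    found = []
    if any(c.isupper() for c in password):
        found.append("upper")
    if any(c.islower() for c in password):
        found.append("lower")
    # ASCII digits only, so characters such as superscript digits do not count.
    if any(c in string.digits for c in password):
        found.append("numeric")
    # Assumption: spaces and control characters are not "special" characters.
    if any(c.isprintable() and not c.isalnum() and not c.isspace()
           for c in password):
        found.append("special")
    return found


def check_password(password):
    """Evaluate one candidate password against the checklist's minimums."""
    classes = character_classes(password)
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too_short")
    if len(classes) < MIN_CLASSES:
        failures.append("too_few_classes")
    return PolicyResult(not failures, classes, failures)


def report(password):
    """Summarise the result without echoing the password into logs."""
    result = check_password(password)
    if result.compliant:
        return "OK"
    return "REJECTED: " + ", ".join(result.failures)
```

The report function returns only failure codes, so the candidate password itself is never written to a log or help-desk ticket.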