IT/GLBA Audit & Assessment

A CoNetrix IT/GLBA Audit and Network Assessment of your company’s information systems will help you comply with regulatory guidance, the Gramm-Leach-Bliley Act (GLBA), and industry best practices.

Areas Analyzed

A CoNetrix IT/GLBA Audit and Assessment includes an analysis of existing Information Technology infrastructure, compliance with the Gramm-Leach-Bliley Act, policies and procedures, and security controls. Our Audits and Assessments include the following thirteen areas:

  1. Audit processes and procedures
  2. Management and operations
  3. Vendor management
  4. Information Security Program
  5. Development and acquisition
  6. Support and delivery
  7. Information technology infrastructure (including virtualization if applicable)
  8. Data and physical security
  9. FedLine Advantage
  10. E-Banking
  11. Disaster Recovery Planning/Business Continuity Planning
  12. Identity Theft Prevention Program
  13. Remote Deposit Capture
  14. Unlawful Internet Gambling Enforcement Act (UIGEA)

In addition, we can customize the audit engagement to fit your needs. In some cases, we are asked to narrow the scope of the engagement to one of the following types of audits:

  • GLBA Audit
  • IT General Controls Audit
  • Network Vulnerability Assessment
  • Virtualization Audit

Regulatory Requirements

According to the FFIEC IT Examination Handbook, "The frequency of testing should be determined by the institution's risk assessment. High-risk systems should be subject to an independent diagnostic test at least once a year."

While CoNetrix has conducted audits and network assessments for various companies, our specialization is financial institutions (banks, savings associations, credit unions, and trust companies). Our audits are based on regulations and guidance from the following:

  • Federal Financial Institutions Examination Council (FFIEC)
  • Federal Deposit Insurance Corporation (FDIC)
  • Office of the Comptroller of the Currency (OCC)
  • Federal Reserve (FRB)
  • National Credit Union Administration (NCUA)
  • Control Objectives for Information and related Technology (COBIT) from ISACA
  • Industry Best Practices (typically compiled from our relationships with Microsoft, Cisco, VMware, Citrix, etc.)

Why CoNetrix?

Knowledge and Expertise:

  • CoNetrix has conducted more than 500 different IT-related audit engagements since 2001.
  • The CoNetrix staff has more than 500 years of accumulated information technology, network, and security experience.
  • CoNetrix’s security experts hold numerous security certifications, such as CISSP, SSCP, CISM, CISA, and other Microsoft and Cisco security specializations.
  • CoNetrix maintains a staff of multiple network engineers.

The CoNetrix Difference:

  • CoNetrix provides easy-to-read reports with findings sorted by associated risk and estimated cost.
  • Reports include regulatory reference, remediation recommendations, and a detailed review with a CoNetrix security expert.
  • A comprehensive work program is built upon:
    • CoNetrix audit experience
    • FFIEC Information Technology Examination Booklets
    • Gramm-Leach-Bliley Act Standards for Safeguarding Customer Information
    • Information Systems Audit and Control Association (ISACA) guidelines