IT/GLBA Audit & Assessment
A CoNetrix IT/GLBA Audit and Network Assessment of your company’s information systems
will help you comply with regulatory guidance, the Gramm-Leach-Bliley Act (GLBA),
and industry best practices.
A CoNetrix IT/GLBA Audit and Assessment includes an analysis of existing Information
Technology infrastructure, compliance with the Gramm-Leach-Bliley Act, policies
and procedures, and security controls. Our Audit and Assessments include the following thirteen areas:
- Audit processes and procedures
- Management and operations
- Vendor management
- Information Security Program
- Development and acquisition
- Support and delivery
- Information technology infrastructure (including virtualization if applicable)
- Data and physical security
- FedLine Advantage
- Disaster Recovery Planning/Business Continuity Planning
- Identity Theft Prevention Program
- Remote Deposit Capture
- Unlawful Internet Gambling Enforcement Act (UIGEA)
In addition, we can customize the audit engagement to fit your needs. In some cases,
we are asked to narrow the scope of the engagement to one of the following types:
- GLBA Audit
- IT General Controls Audit
- Network Vulnerability Assessment
- Virtualization Audit
According to the FFIEC IT Examination Handbook, "The frequency of testing should be determined by the institution's risk assessment. High-risk systems should be subject to an independent diagnostic test at least once a year."
While CoNetrix has conducted audits and network assessments for various companies,
our specialization is financial institutions (banks, savings associations, credit
unions, and trust companies). Our audits are based on regulations and guidance from:
- Federal Financial Institutions Examination Council (FFIEC)
- Federal Deposit Insurance Corporation (FDIC)
- Office of the Comptroller of the Currency (OCC)
- Federal Reserve (FRB)
- National Credit Union Administration (NCUA)
- Control Objectives for Information and related Technology (COBIT) from ISACA
- Industry Best Practices (typically compiled from our relationships with Microsoft,
Cisco, VMware, Citrix, etc.)
Knowledge and Expertise:
- CoNetrix has conducted more than 500 different IT-related audit engagements since 2001.
- The CoNetrix staff has more than 500 years of accumulated information technology, network, and security experience.
- CoNetrix’s security experts hold numerous security certifications, such as CISSP, SSCP, CISM, CISA, and other Microsoft and Cisco security specializations.
- CoNetrix maintains a staff of multiple network engineers.
The CoNetrix Difference:
- CoNetrix provides easy-to-read reports with findings sorted by associated risk and estimated cost.
- Reports include regulatory reference, remediation recommendations, and a detailed review with a CoNetrix security expert.
- A comprehensive work program is built upon:
  - CoNetrix audit experience
  - FFIEC Information Technology Examination Booklets
  - Gramm-Leach-Bliley Act Standards for Safeguarding Customer Information
  - Information Systems Audit and Control Association (ISACA) guidelines