IT/GLBA Audit & Assessment
A CoNetrix IT/GLBA Audit and Network Assessment of your company’s information systems
will help you comply with regulatory guidance, the Gramm-Leach-Bliley Act (GLBA),
and industry best practices.
A CoNetrix IT/GLBA Audit and Assessment includes an analysis of existing Information
Technology infrastructure, compliance with the Gramm-Leach-Bliley Act, policies
and procedures, and security controls. Our Audit and Assessments include the following fourteen areas:
- Audit processes and procedures
- Management and operations
- Vendor management
- Information Security Program
- Development and acquisition
- Support and delivery
- Information technology infrastructure (including virtualization if applicable)
- Data and physical security
- Wire/ACH Technical Controls
- Disaster Recovery Planning/Business Continuity Planning
- Identity Theft Prevention Program
- Remote Deposit Capture
- Unlawful Internet Gambling Enforcement Act (UIGEA)
In addition, we can customize the audit engagement to fit your needs. In some cases,
we are asked to narrow the scope of the engagement to one of the following types
- Cybersecurity Assessment/IT Security Review
- GLBA Audit
- IT General Controls Audit
- Network Vulnerability Assessment
- Virtualization Audit
According to the FFIEC IT Examination Handbook, "The frequency of testing should be determined by the
institution's risk assessment. High-risk systems should be subject to an independent diagnostic test at least
once a year." (Information Security Booklet, p. 82)
While CoNetrix has conducted audits and network assessments for various companies,
our specialization is financial institutions (banks, savings associations, credit
unions, and trust companies). Our audits are based on regulations and guidance from
- Federal Financial Institutions Examination Council (FFIEC)
- Federal Deposit Insurance Corporation (FDIC)
- Office of the Comptroller of the Currency (OCC)
- Federal Reserve (FRB)
- National Credit Union Administration (NCUA)
- Control Objectives for Information and related Technology (COBIT) from ISACA
Industry Best Practices (typically compiled from our relationships with Microsoft,
Cisco, VMware, Citrix, etc.)
- Critical Security Controls for Effective Cyber Defense (Council on CyberSecurity)
Knowledge and Expertise:
- CoNetrix has conducted more than 600 different IT related audit engagements since 2001.
- The CoNetrix staff has more than 500 years of accumulated information technology, network, and security experience.
- CoNetrix’s security experts hold numerous security certifications, such as CISSP, SSCP, CISM, CISA, and other Microsoft and Cisco security specializations.
- CoNetrix maintains a staff of multiple network engineers.
The CoNetrix Difference:
- CoNetrix provides easy-to-read reports with findings sorted by associated risk and estimated cost.
Reports include regulatory reference, remediation recommendations, and a detailed review with a CoNetrix security expert.
Access to the tandem Audit Lite software, a finding and response manager,
is included. Audit Lite is a version of the
software limited to tracking CoNetrix security engagements.
A comprehensive work program is built upon:
- CoNetrix audit experience
- FFIEC Information Technology Examination Booklets
- Gramm-Leach-Bliley Act Standards for Safeguarding Customer Information
- Information Systems Audit and Control Association (ISACA) guidelines