Financial institutions must comply with the "Guidelines
Establishing Standards for Safeguarding Customer Information"
(guidelines) as issued pursuant to the Gramm-Leach-Bliley Act of
1999 (GLBA). The guidelines were published in the Federal
Register on February 1, 2001, and effective on July 1, 2001.
When financial institutions introduce e-banking or related support
services, management must re-assess the impact to customer
information under the GLBA. The guidelines require financial
The guidelines outline specific measures institutions should
consider in implementing a security program. These measures
The guidelines also outline the responsibilities of management
to oversee the protection of customer information including the
security of customer information maintained or processed by service
providers. Oversight of third-party service providers and vendors
is discussed in this booklet under the headings "Board and
Management Oversight" and "Managing Outsourcing Relationships."
Additional information on the guidelines can be found in the IT
Handbook's "Management Booklet." The IT Handbook's "Information
Security Booklet" presents additional information on the risk
assessment process and information processing controls.
The guidelines required by the GLBA apply to customer
information stored in electronic form as well as paper-based
records. Examination procedures specifically addressing compliance
with the GLBA guidelines can be accessed through the agency
websites listed in the reference section of this booklet. Although
the guidelines supporting GLBA define customer as "a consumer who
has a customer relationship with the institution," management
should consider expanding the written information security program
to cover the institution's own confidential records as well as
confidential information about its commercial customers.