Corporate Governance
What is the Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act (GLBA) was enacted by the United States government in 1999. GLBA, also known as the Financial Services Modernization Act of 1999, protects the privacy and security of private financial information that financial institutions collect, hold, and process. The privacy component of this act requires financial institutions to provide customers with an annual notice of their privacy practices, and to provide them the option to direct financial institutions not to share such information.
The safeguards component of the regulation requires financial institutions to establish a comprehensive security program to
Outsourcing IT Project Vendor Financial Information - RFP Checklist
Download Free Outsourcing IT Project Vendor Financial Information - Request for Proposal Checklist

1 Base Fees.
1.1 Specify vendor’s overall base fees, presented as fixed annual payments over the term.
1.2 At a minimum, the vendor’s base charges should include information technology services that Customer provides for itself through its own personnel as of the date of the outsourcing agreement, as such services may evolve during the term.
1.3 [The base fees should include a compounded annual growth rate of [NUMBER] percent.]
1.4 [The vendor must reconcile its final pricing structure to Customer’s [***] budget, which is attached as Appendix [NUMBER].]
1.5 All cost areas, including vendor responsible, pass-through, and Customer-retained cost areas, should be detailed by subarea (e.g., data center, AS/400s) over each of the years of the term.
1.6 Provide your base fees, broken down into separate pricing for each of the following subareas for each of the years of the term:
IT Cost-benefit Analysis Checklist
Download Free Information Technology Cost-benefit Analysis Checklist

- Determining the impact of implementing the new or enhanced controls
- Determining the impact of not implementing the new or enhanced controls
- Estimating the implementation costs of hardware and software purchases
- Estimating the implementation costs of reduced operational effectiveness if system performance or functionality is reduced for increased security
Top Five Process Integration Key Goal Indicators
1. Incidents, or a lack of them, traceable to a lack of integration.
The Australian Customs office example, in which two people appearing to be service personnel simply entered a supposedly high-security area and walked out with several highly sensitive servers, illustrates the point. Most organizations would hopefully consider something less dramatic as a suitable indicator of the need to coordinate and integrate these functions.
2. The number of management levels before assurance processes fall under the same organizational position.
It is axiomatic that the more reporting levels the various assurance functions pass through before coalescing under a single “authority,” the greater the likely lack of integration between those functions. A KGI could be fewer reporting lines and levels before reporting to a single organizational position.
3. Inconsistencies or contradictions in the objectives, policies, and standards applied to various assurance functions.
IT Security Governance Implementation Strategy Checklist

Download free IT Security Governance Implementation Strategy Checklist:
1. Define and enumerate the desired outcomes for the information security program
2. Determine the objectives necessary to achieve those outcomes
3. Describe the attributes and characteristics of the desired state of security