The Gramm-Leach-Bliley Act requires financial institutions in the U.S. to protect the ‘Non-Public Personal Information’ of their customers and consumers that they handle. Such institutions must comply by informing clients of their right to privacy and how they disclose their clients’ information and by developing a security plan for their internal information systems.
If you are looking for a reliable tool to monitor and audit your Microsoft 365 environment and generate reports for your GLBA Audits on time, then look no further than AdminDroid.
As a GLBA Compliance Reporting tool for Microsoft 365, AdminDroid offers you visibility into your tenant in a holistic manner allowing you to ensure data security and comply with GLBA.
The Gramm-Leach-Bliley Act or the Financial Services Modernization Act is a federal law passed by the United States Congress in the year 1999. The primary intention of the Act was to legalize the consolidation of institutions offering different financial services such as investment banking, commercial banking, security trading, and insurance dealing.
A certain portion of the legislation is devoted to setting down in writing the obligations of such institutions to protect the information of their clients and customers.
These provisions are collectively grouped as:
The Safeguards Rule requires organizations to develop a written security plan for their information systems. All the measures required by GLBA must be set down in this plan.
The Financial Privacy Rule directs organizations under the purview of GLBA to issue their customers a privacy notice at the time of relationship establishment, informing them of their rights and how their information is used.
The Federal Trade Commission oversees the implementation and maintenance of the regulation by regularly updating the law.
The Safeguards Rule, with the most recent update, clearly outlines the necessary measures that need to be taken to protect customer and consumer data in an information system. It is important to note that the focus here is on the data and not the nature of the information system as a whole. If your organization happens to use cloud platforms such as Microsoft 365 to store and share data internally, all the provisions of the Safeguards Rule apply to your Microsoft 365 environment, irrespective of whether you use it as a stand-alone environment or a hybrid solution.
Microsoft has equipped Microsoft 365 with highly useful tools that ease the burden on the person or team managing GLBA safeguards and audits. However, Microsoft disappoints us when it comes to the following issues:
Microsoft 365 does not have native reports mapped to the GLBA Regulatory Standard. During an audit, this would result in a needless volley of requests for reports between the GLBA assigned compliance team and the IT Department.
The Compliance Search tool only allows one to search for specific content, not for specific events and time-stamps. Without a proper search tool, audit records cannot be retrieved when needed, making the entire audit inefficient and lengthy.
Microsoft 365 allows you to retain audit log data for a maximum of only 90 days, which is extendable to one year with the purchase of the appropriate plan. This falls way short of the GLBA Mandate of 6 years.
AdminDroid offers customizable reports for GLBA on all Microsoft 365 Services without any data retention restrictions.
With our trove of reports, you can breathe easy about generating the right ones on time for your GLBA audit. Our reports are customizable, meaning that you can drill down into a report for specific data. They are easy to manage and can be scheduled in the format you desire. We have a dedicated search tool, so you don’t have to waste time searching for a specific report.
GLBA specifies that audit data must be retained for 2 years. You need not worry about this, as AdminDroid provides unlimited data retention.
To facilitate your job, we have mapped our compliance reports to the control requirements specified in the FFIEC’s IT Handbook.
The Federal Financial Institutions Examination Council (FFIEC) designs and supervises GLBA audits for all financial institutions. FFIEC has prepared the ‘IT Handbook’, which provides guidance and advice to financial institutions on implementing IT controls.
AdminDroid has compiled and mapped its report collections to the requirements in the FFIEC’s IT Handbook, to make your job of implementing IT controls easier.
AdminDroid has a dedicated Report Board featuring all the reports you will need for your GLBA Compliance Audit.
User Security Management: Discover all Microsoft 365 users who are allowed to access the data. Spot suspicious actions by observing Microsoft 365 user activities.
Configuration Management: Check whether the configured settings are sufficient to protect your data. Review system configuration changes to avoid unnecessary setting changes.
Inventory & Classification of Assets: Identify users' mobile devices to restrict any unnecessary device usage. Observe all Microsoft 365 users' device usage to control extraneous access to your data.
Risk Identification: Ensure that file requests are handled in a way that prevents any data leakage. Confirm that only the necessary privileges are given to users for accessing data.
Risk Measurement: Ensure that Microsoft 365 files are accessed and modified only by authorized users. Keep track of threats and alerts to protect your data from any risks.