The ISO Program is structured to ensure that best practices in information security management are established within the following four critical domains:

• Formalize and document the duties of the Information Security Officer
• Ensure continual compliance to GLBA requirements
• Provide reports on the position of the institution in regards to information security objectives and GLBA requirements to the board of directors and other executive committees

• Review GLBA risk assessments
• Review Internet and Mobile Banking risk assessments
• Review Technology Infrastructure risk assessments
• Identify and assist in the development of risk assessments needed for successful and secure implementation of new technologies

• Review privileges for all systems that contain customer non-public personal information or company sensitive information
• Review control test results including: Audit Reports, Vulnerability Assessments, Penetration Tests, and others as needed
• Assist in the development and implementation of information security training for employees and the board of directors

• Review Vendor Risk assessments
• Review Vendor Management policies
• Annual analysis and review of critical vendors
• Monitoring of critical vendors

Regardless of the level of assistance that your bank requires, The Norman Group’s information security experts are capable of providing the support needed to ensure that your organization is able to achieve its objectives and maintain compliance with GLBA requirements. To learn more about the ISO program or other information security solutions contact us today.