Gramm-Leach-Bliley Act (GLBA) Safeguards Rule Service Provider Due Diligence Checklists

Gramm-Leach-Bliley Act (GLBA) Safeguards Rule Service Provider Due Diligence, here is the checklists:

1. Describe your organization's administrative, technical, and physical safeguards over non-public financial information to which you may have access if you are selected as the University's vendor. Note that these safeguards must be appropriate to the size and complexity of your firm, the nature and scope of your activities, and the sensitivity of customer information at issue. Use as many pages as necessary to respond.

2. Describe your current or planned procedures for detecting and responding to breaches of security re: access to such non-public financial information. Use as many pages as necessary to respond.

3. Has your organization designated an employee or employees to coordinate the information security program?

4. Has your organization undergone an assessment to identify reasonable, foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information?

5. At a minimum, did the risk assessment include consideration of risks in the following areas: employee training and management; information systems including network and software design, as well as information processing, storage, transmission, and disposal; and detecting, preventing, and responding to attacks, intrusions, or other systems failures?

6. Has your organization taken steps to select and retain service providers that are capable of maintaining appropriate safeguards for customer information?

7. Has your organization included appropriate language in service providers' contracts requiring them to implement and maintain appropriate safeguards?