Risk Assessments

 View Only
  • 1.  Customer Information Risk Assessment

    This message was posted by a user wishing to remain anonymous
    Posted 08-05-2024 07:52 AM
    This message was posted by a user wishing to remain anonymous

    Hi,

    I have been tasked with completing my institution's Customer Information Risk Assessment (GLBA).  The one that is currently in place is fairly basic and does not have much besides the threat, probability, impact, controls.  Does anyone have a template they would be willing to share that might be more thorough?

    Thanks!



  • 2.  RE: Customer Information Risk Assessment

    Posted 08-16-2024 12:50 PM

    While I don't have a template for you to follow, this guidance from the FDIC (https://www.fdic.gov/system/files/2024-07/siwinter09-article3.pdf) outlines the goals, as outlined in updated interagency guidance (https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314), and common gaps examiners see when reviewing customer information risk assessments, which may provide additional guidance for you, if you've not reviewed it. I'm interested in what other members may comment, as every FI should be performing this step as a basis for protecting customer information.