Gramm-Leach-Bliley Act (GLBA)

Reporting and audit compliance for companies that process personal data

The Gramm-Leach-Bliley Act (GLBA) establishes a number of control requirements to protect the security and privacy of individuals’ financial information. The privacy requirements include disclosures of information that is collected, stored, or distributed, and the ability for a customer to opt out of certain uses of that information.

Aldon and Gramm-Leach-Bliley Act

In typical implementations, your customers’ financial data would never be stored directly within Rocket® Aldon Lifecycle Manager. While Aldon Lifecycle Manager (LM) may be used to develop products that fall under the requirements of GLBA, the underlying code of those products, such as the data stored in LM, should not itself contain financial data. GLBA, therefore, will have limited applicability to an organization’s use of LM. However, other processes required by GLBA may be served or aided by the use of the Rocket® Aldon Community Manager (CM) workflow management module.

Relevant criteria and capabilities

GLBA Requirements

Rocket Aldon Lifecycle Manager Capabilities

III(C)(1)(d)

Procedures designed to ensure that customer information system modifications are consistent with the institution's information security program.

Community Manager supports workflows for changes and development activities such as requests, approvals, testing, acceptance, and any other stages required by an organization’s policies.

Aldon LM supports multiple development environments that are customizable by the organization, such as development, test, staging, and production.

The Harmonizer module highlights changes to code, and supports formal, independent reviews of code changes before promotion to ensure that changes are in accordance with an approved work order. All actions within Aldon LM and its associated modules, including code changes and promotions, are fully logged and reportable.

III(C)(1)(e)

Dual control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to customer information.

Permissions for individual users to access, modify, or approve code can be assigned for specific projects, release versions, and environments. Developers can be restricted from making changes to software in testing or production. The ability to migrate between development, test, and production environments can also be restricted to appropriately segregated users.

The Community Manager module supports automated, system-driven workflows that may include employee onboarding and background check processes.

III(C)(2)

Train staff to implement the institution's information security program.

The Community Manager module supports automated, system-driven workflows that may include information security training programs.