The FFIEC guidelines, Interagency Guidelines Establishing Standards for Safeguarding Customer Information, in conjunction with the Gramm-Leach-Bliley Act, mandate requirements for protecting non-public customer information. The complex nature of customer information creates challenges in implementing an effective privacy program and ensuring ongoing compliance.
CUSAG, LLC (CUSAG) conducts various annual monitoring activities and meets point-in-time requirements for maintaining the confidentiality of its customers’ information. On an annual basis, CUSAG completes a risk assessment of the operations, systems, processes and third-party relationships involved in handling customer information. In addition to the risk assessment, CUSAG performs an assessment of threats regarding unauthorized access, misuse, alteration and destruction of customer information and identifies, at a high level, the mitigating controls to lower the potential impact of these threats.
CUSAG deploys an IT Enterprise Risk Management framework that identifies potential threats and risks to CUSAG’s operations. This framework identifies internal and external threats to CUSAG’s IT environment.