GLBA Compliance Program

Overview

As mandated by the Federal Trade Commission (FTC), the 1999 Gramm-Leach-Bliley Act (GLBA) requires the university to implement appropriate security controls to protect and safeguard the private financial information that it processes during institutional operations. These operations include (but are not limited to): granting financial aid, providing student loans, and the storage, transmission, and sharing of nonpublic private information (NPPI). The Information Security Compliance and Training Team coordinates and administers the GLBA program as outlined in University Policy (50.3.11 [PDF]). Key program components include: periodic risk assessments, an awareness and training program, service provider oversight, remedial activity, and program improvement and adjustment.

Program component details:

  1. Risk assessments, based on the NIST SP 800-171 standard, to be conducted within GLBA departments and service providers who transmit, store, and process Non-Public Private Information (NPI)
  2. Formalized online training to be provided to all staff of identified GLBA departments
  3. Remediation activity plan of action to be implemented to address and correct vulnerabilities revealed in the risk assessments
  4. Adjustments made to improve the GLBA program

Review additional resources below for policy and training requirements.

GLBA program support and additional resources

GLBA training

Register for this training upon management approval.

GLBA policy requirements

Learn more about the policy's role at Rutgers.

Inquiries

Contact us with additional questions regarding the GLBA.