GLBA Compliance Program

Overview

The 1999 Gramm-Leach-Bliley Act (GLBA) requires the university, as mandated by the Federal Trade Commission, to implement security controls to protect and safeguard the private financial information that it processes in the course of its institutional operations. These operations include granting financial aid, providing student loans, and the storage, transmission, and sharing of nonpublic private information (NPPI). The Information Security Compliance department coordinates and administers the GLBA program as outlined in University Policy (50.3.11 [PDF]). Key program components include periodic risk assessments, an awareness and training program, service provider oversight, remedial activity, and program improvement and adjustment.

Program component details:

  1. Risk assessments, based on the NIST SP 800-171 standard, to be conducted within GLBA departments and service providers that transmit, store, and process Non-Public Private Information (NPI)
  2. Formalized online training to be provided to all staff of identified GLBA departments
  3. Remediation activity plan of action to be implemented to address and correct vulnerabilities revealed in the risk assessments
  4. Adjustments made to improve the GLBA program

Review additional resources below for policy and training requirements.

GLBA program support and additional resources

GLBA training

Register for this training upon management approval.

GLBA policy requirements

Learn more about the policy's role at Rutgers.

Inquiries

Contact us with additional questions regarding the GLBA.