CONTROLS AUDIT

Verify your controls, expose potential risks, and ensure community confidence.

PROTECTION

ENSURE COMPLIANCE AGAINST
CURRENT RISKS & BEST PRACTICES

Cybercriminals are hoping you stop at compliance. They’re counting on your financial institution conducting a bare minimum GLBA or NCUA audit. This gives malicious actors a fairly easy “in” to breach your environment, steal customers’ non-public personal information (NPI), and sully your hard-earned community reputation.

This is why BAI’s Controls Audit goes far beyond just verifying your policies and procedures against regulatory compliance. We go the extra mile to examine your protocols in light of present-day best practices in IT security and emerging hacking methods that could compromise your environment. This is what we call BAI’s Compliance-PLUS Protection.

VERIFY YOUR CONTROLS

Our exhaustive Controls Audit verifies your institution’s existing controls against regulatory standards (GLBA or NCUA), as well as present-day banking best practices. As part of our audit process, BAI Security’s team of in-house compliance experts review the following key areas:

  • Management and IT Governance (including Cybersecurity Preparedness)
  • Development and Acquisition
  • Information Technology Operations
  • Electronic Payment Systems/Hosted and Managed Applications (including e-Banking)
  • 3rd Party Vendor Management
  • Business Continuity and Disaster Recovery (including Appendix J)

COMPLY WITH EASE

BAI Security takes the anxiety out of the controls audit process by evaluating current policies and procedures, and by performing a readiness assessment to see if your organization has met regulatory standards. We identify internal controls and policies to see if they work effectively to keep non-public information (NPI) safe and secure. In addition, we provide a gap analysis to identify issues unique to your environment, and we provide guidance on how your organization can become compliant.

ENSURE CUSTOMER CONFIDENCE

With BAI’s comprehensive Controls Audit, you can implement the necessary changes to your information security programs and policies to keep customer information private. We provide customized analysis and guidance so you can reach compliance standards and have a written information security plan in place that adequately protects customer and consumer records. By abiding by the Safeguards Rule, your institution can build trust and confidence among your customers and community, as they are assured that their information will be secure.

Download Our Controls Audit Brochure

DOWNLOAD BROCHURE
Play Video
MORE ABOUT

GLBA

The Gramm-Leach-Bliley Act is a U.S. federal law created to control how financial institutions deal with a consumer’s non-public personal information (NPI). This is information that a financial institution collects when providing a financial product or service that can identify an individual and that isn’t otherwise publicly available.

  • The Privacy Rule, which regulates the collection and use of NPI
  • The Safeguards Rule, which requires financial institutions to implement a security program to protect NPI
  • Pretexting provisions, which prohibits access to NPI under false pretense
  • Ensuring the security and confidentiality of NPI
  • Protecting against unauthorized access which could cause substantial harm or inconvenience to any customer
  • Protecting against any threats which might affect the security or integrity of NPI

GLBA applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services to consumers. This includes many companies not traditionally considered to be a financial institution such as check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, retailers that issue branded credit cards, professional tax preparers, and courier services. The law also applies to companies like credit reporting agencies and ATM operators that receive information about customers of other financial institutions. GLBA compliance is mandatory. Whether or not a financial institution discloses NPI, there must be a policy in place to protect the information from foreseeable threats in security and data integrity.

GLBA calls for severe civil and criminal penalties for noncompliance, including fines and imprisonment. If a financial institution violates GLBA, the following penalties may be issued:

  • The institution will be subject to a civil penalty of not more than $100,000 for each violation.
  • Officers and directors of the institution will be subject to, and personally liable for, a civil penalty of not more than $10,000 for each violation.
  • The institution and its officers and directors will also be subject to fines in accordance with Title 18 of the United States Code or imprisonment for not more than five years, or both.
TESTIMONIALS

VALIDATED EXCELLENCE

Here's what your industry peers are saying about BAI Security:

Far more extensive test than any we have had in the past... The reps are 100% on your project and always available to give you feedback.

CISO

TX
Price was right, service was excellent, and the final deliverables were outstanding. Great team.

Chief Innovation Officer

DE
The professional experience and technical expertise made the choice an easy one… exceptional results. We are completely satisfied.

IT Director

NC
Outstanding platform for vulnerability remediation. Everyone I talked to from sales folks to technical experts were all great to work with and very knowledgeable.

VO of IT

PA
The price for the Security Assessment was unbeatable and I’ve always been happy with the service. I look forward to working with them again!

AVP of IT

AL
Most professional staff and competitive pricing.

IT Director

IA
I love how in the final deliverables recommendations are provided. I've seen other solutions (and past vendors) who simply tell you what's wrong without any help to remediate... The team was fantastic with persistent yet professional communications.

Director of IT

VT
The dedicated engineer that learns our environment is huge! Also, the reporting is as high level or granular as you need it to be.

VP and Director of IT

PA
Best ‘bang for the buck’ as compared to the five other vendors I evaluated. Comprehensive service offerings at a cost-competitive price point.

VP/CTO

NM
BAI specializes in security. The other firm we were using was more of a MSP. I like that BAI was a company just for security.

IT Manager

IL
Continuous professionalism and extensive audit for pen testing, controls, vulnerabilities, and firewall best practices.

VO of IT

NM
The experience was great, and I felt that BAI had my back. The techs were great to work with and helped me resolve security issues. They were working with me to correct issues other than just pointing out what was wrong.

VP/CIO

MI
Your people are excellent, and the report was easy to understand.

SVP

CO
BAI Security provided excellent service.

IT Security Officer

ND
BAI provided the exact service we needed, when we needed it and gave us exactly the results we needed.

IT Director

NC
Fast and effective communication.

IT Director

CA
CONTACT

READY TO LEARN MORE?

We’re here to discuss your upcoming IT security assessment and compliance audit needs.

CONTACT US SCHEDULE A CALL