FFIEC / GLBA
The Gramm-Leach-Bliley Act (GLBA) of 1999 first established a requirement to protect consumer financial information. Financial services regulations on information security, initiated by the GLBA, require financial institutions in the United States to create an information security program to protect the security, confidentiality, and integrity of such information. The Federal Financial Institutions Examination Council (FFIEC) supports this mission by providing extensive, evolving guidelines for compliance. OneLogin does not store consumer financial information, but has mapped its controls framework to FFIEC guidelines to validate that we would be able to comply with GLBA if the need arose. This control framework is tested as part of the SOC 2 Type 2 reports.
What’s the primary purpose of this initiative?
Validate that OneLogin would be able to comply with FFIEC guidelines designed per GLBA requirements to protect consumer financial information.
What’s the scope?
OneLogin’s security controls evaluated against the FFIEC guidelines for testing compliance with GLBA.
How often are you evaluated/audited?
The security controls aligned with FFIEC guidelines for testing GLBA requirements are tested as part of the periodic SOC 2 Type 2 Report audits.
Who performs the evaluation/audit?
Grant Thornton LLP performs the SOC 2 Type 2 Report audit.
Who is the primary audience?
Customers and relevant third parties with a business need.
Where can I get a copy of the report/certificate?
The evaluation of the security controls aligned with FFIEC / GLBA security requirements is performed as part of the SOC 2 Type 2 Report audits. Customers and relevant third parties can request the latest report from their Account Executive, Business Development, or Customer Success contact.