X-GLBA-ISP Informational

Maintain a GLBA Safeguards-Rule Information Security Program

Official citation: GLBA Safeguards Rule (16 CFR 314)

Class: informational · Severity: medium

Statement of the obligation — verify against source

GLBA Safeguards Rule (16 CFR 314)

What it means

GLBA's Safeguards Rule requires a documented, governed security program for customer financial information — not just controls, but named accountability and a yearly report to leadership. The 2021/2023 updates added concrete duties like MFA, encryption, and a written incident-response plan.

Required by

— SEC Reg S-P
GLBA — 16 CFR 314
— NAIC Model Law
— GLBA Title IV
— 16 CFR 314

Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.