IT Examiner School - Oct 2025
Internal Use Only
GLBA Safeguards Rule — Risk Assessment Checklist
Written & Documented risk assessment exists
Comprehensive scope includes systems, data, and third parties
Identify internal & external threats
Analyze likelihood & impact with clear criteria
Evaluate existing safeguards and residual risk
Board/Senior Mgmt reviews and approves
Update annually and when significant changes occur
Include third-party/vendor risks
Trace risks → controls → management approval