GLBA

What is GLBA?

The Gramm-Leach-Bliley Act is a federal law regulating the collection and disclosure of private financial information. GLBA also requires financial institutions to develop, implement, and maintain administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of consumer financial information.

Who does GLBA apply to?

GLBA applies to financial institutions and includes all businesses, regardless of size, that are "significantly engaged" in providing financial products or services. This includes, but is not limited to, mortgage brokers, nonbank lenders, professional tax preparers, and payday lenders.

How does Eyonic support GLBA Standards?

In a continuing effort to ensure data confidentiality, integrity, and availability, Eyonic strives to maintain industry compliance for data protection, handling, and accessibility. As such, we provide for the following aspects of GLBA Compliance:

Requirement:

Eyonic's Online Backup Provides:

Written Information Security Program
We have a comprehensive written Information Security Plan that clearly documents our policies and procedures for all aspects of our services. This Plan includes security controls that safeguard customer information by preventing and detecting the unauthorized creation of, addition to, modification of, or deletion of records. We ensure that our staff understand the importance of our Plan and operate by all policies and procedures. The Plan is reviewed annually to ensure it continues to meet the needs for which it was created in the evolving environments of business and technology.

Board Oversight
Our Board of Directors oversees our information security policy, is actively engaged with its policies and procedures, and works with our employee practices development team to ensure we take every reasonable precaution to safeguard our customers' data at all times.

Administrative Safeguards
As part of our security controls, each employee is given a clearly defined set of roles and responsibilities in protecting our customers' data. Employees are trained about the importance of information security and sign customer confidentiality agreements, and employee access is based on the lowest permissions necessary to accomplish the responsibilities assigned to them.
A set of clearly defined policies and procedures for all of our services ensures our staff understand and cooperate with these procedures.

Physical Safeguards
Physical access to our data centers is limited and strictly controlled. Only those employees with a demonstrated need are permitted access. Access is controlled by a series of technical controls such as physically keyed and/or combination locks on cabinets and safes. Physical access is documented and logged.
Third-party data centers are not used in conjunction with our services.

Technical Safeguards
To ensure the secure transmission and maintain the integrity of customer information, we utilize industry standard 256-bit encryption for all documents in transit.
Customer information is disposed of in a secure way including, but not limited to, micro-cut shredding of paper documents, and NSA, HIPAA and HITECH compliant drive destruction for broken or replaced storage media.
Activity logs include the complete audit history of who accessed, modified, or deleted files stored within our services.
Access to files is available only to customers using valid credentials through an authenticated login; no anonymous sharing of files.
Internal support personnel may access customer accounts for support purposes only, but cannot open, modify, or alter files in any way. Support personnel with this access are limited to the lowest access level necessary while still providing sufficient customer support.
Granular access controls allow access to be granted based on the user and/or folder level depending on the service type.

Ongoing Process
Part of our security controls is to continually gather and analyze new information regarding security threats and vulnerabilities to keep all systems as secure and up to date as possible.
We promptly revise our controls and procedures to adapt to new threats as they arise and ensure the effectiveness of our policies.

Risk Assessment & Remediation
We annually evaluate our own internal controls and processes for effectiveness and accuracy to verify the best possible policies and procedures are in place.

What does it all mean?

Private information, financial or otherwise, stored with Eyonic Systems does not get shared, viewed, distributed, monitored, or copied by any third party, which helps support GLBA compliance for financial institutions and those businesses "significantly engaged" in providing financial products or services. GLBA is a financial institution obligation, and Eyonic Systems takes every reasonable safety precaution to protect the integrity of all private information stored within, which provides our customers with the tools needed to work in a GLBA-compliant manner.

To learn more about GLBA Compliance, regulations and consumer protections, please visit the FTC Gramm-Leach-Bliley Act Guidance page.