Why Use TRAC?

The Situation:

The Gramm-Leach-Bliley Act (GLBA) requires all financial institutions to develop and implement a comprehensive, written Information Security Program (ISP) which defines administrative, technical and physical safeguards designed to protect the confidentiality of customers' nonpublic financial information that is held in the institution's possession. The program must be a written plan that identifies risks, the impact and probability of those risks and implemented controls designed to ensure the security and confidentiality of information as well as the proper disposal of such information.

The Problem:

There is little guidance available about the IT risk assessment process. Regulators are requiring financial institutions to complete a risk assessment or have determined that the current risk assessment is not adequate. How does a bank comply with the Gramm-Leach-Bliley Act and rectify regulator findings?

The approach is based on manual input into Word and Excel documents. How can the assessment be conducted with less effort and error?

The process is time-consuming. Developing and maintaining all these documents, researching new IT concerns and implementing new policies can take a lot of time. How can this process become more efficient, while maintaining its effectiveness?

This is costly. Resources are needed to develop, maintain and implement an ISP.

In the end, it still does not drive the ISP. The risk assessment should be the driving force behind the financial institution's IT decisions, including the audit and disaster recovery programs.

After all this, you still ask "Do I have it right?" Do the Board and management understand the program and communicate its objectives to the employees and regulators of the financial institution?

The Solution:

Effective, efficient, and with a whole lot less effort, TRAC™ is the answer to a bank’s risk assessment problems. With a completely redesigned methodology, risk assessment is driven by the ISP and adds value to your community bank.

The report (at right) is the output of TRAC™'s automated risk assessment process. This is a great board or management report because the bank’s assets are sorted by residual risk, all on one document.

Management can develop plans to reduce risk on assets with a residual risk above a certain level or color. A bank’s management drives this program. For example, an auditing program can be developed as follows: assets with a dark blue protection profile will be audited on a 72-month rotation, medium blue in 24 months and light blue in 36 months. Management is now driving the audit program from the risk assessment. Strategic decisions can be made based on the risk assessment.