GLBA Annual Summary Report Template

Download Free GLBA (Gramm–Leach–Bliley Act) Annual Summary Report Template

SAMPLE ANNUAL REPORT ON THE STATUS OF THE INFORMATION SECURITY PROGRAM

From: Information Security Officer
To: Board of Directors

Subject: Information Security Program Summary Report

This summary report will describe the overall status of the information security program and will discuss material matters relating to: risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations, and management's response; and recommendations for changes to the Information Security Program.

RISK ASSESSMENT
[insert a description of the risk assessment process]

RISK MANAGEMENT AND CONTROL DECISIONS
[insert a description of the results or decisions made from the risk assessment process]

SERVICE PROVIDER ARRANGEMENTS
[insert a description of the due diligence performed for critical vendors]

RESULTS OF TESTING
[insert a description of the audit/testing program that determine that controls were in place and working as intended]

SECURITY BREACHES OR VIOLATIONS
[insert a summary of security breaches or violations that have occurred since the previous report]

Management's Response to Security Breaches or Violations: [insert a brief description of management's response to the aforementioned security incidents, if any]

RECOMMENDED CHANGES TO THE INFORMATION SECURITY PROGRAM
[insert a description of any recommended changes to the information security program]