National Credit Union Administration (NCUA)


Guidelines for Safeguarding Member Information for Implementing GLBA


12 CFR Part 768 







Assess Risk – Each institution shall: “Identify foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information system


  • UpTym Networks proactively scans your networks, systems and apps for more than 800 different vulnerabilities and automatically prioritizes the severity of each to help identify and mitigate the biggest security risks
  • UpTym Networks patch assessment reduces the costs of keeping your infrastructure current with Microsoft security patches by automating the identification, prioritization and mitigation of Windows security patch vulnerabilities


Manage and Control Risk – Each institution shall: “Regularly test the key controls, systems and procedures of the information security program…tests should be conducted or reviewed by independent third parties or staff independent of those that develop or maintain the security programs.”

  • Access controls on customer/member information
  • Access restrictions at physical locations containing customer/member information
  • Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems


  • Vulnerability scanning
  • Patch assessment
  • Firewall monitoring
  • Real-time intrusion monitoring; monthly summaries on use of admin. password including; login/logout activity, failed login details; account modifications
  • Automated security alerts, notification, and escalation capabilities
  • Time-based escalations
  • User-customizable threshold-settings to control and focus alerts


Oversee Service Providers – Each institution shall “Require its service providers by contract to implement appropriate measures to meet the objectives of these guidelines”


Financial institutions can direct service providers to use UpTym Networks to satisfy the Gramm-Leach-Bliley Act Guidelines


Adjust the program – “Each institution shall monitor, evaluate, and adjust as appropriate, the information security program in light of any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the institution’s own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements and changes to customer information systems.”


UpTym Networks helps financial institutions to instantly react to any change in security technology, new threats, and new business arrangements.


Report to the Board – “Each institution shall report to its board or an appropriate committee of the board at least annually.  This report should describe the overall status of the information security program and the institution’s compliance with these Guidelines.  The reports should discuss material matters related to its program, addressing such issues such as: risk assessment, risk management and control decision, service provider arrangements; results of testing; security breaches or violation and management’s responses; and recommendations for changes in the information security program.


Security data revealed by powerful UpTym Networks reporting capabilities presents a comprehensive, organized snapshot of a network’s security risks, easily understood by executive level managers.


Implement the standards – “Each institution must implement an information security program pursuant to these guidelines by July 1, 2001.” (A grandfathering or agreements with service providers expires on July 1, 2003.)


As a Web-based tool service, UpTym Networks requires no special installation or provisioning, users get immediate compliance with these Guidelines.