GLBA, SOX, & PCI-DSS

    Financial Compliance Made Easy

    Protect customer data while maintaining a high standard of integrity. Our secure platform enables fast, easy file sharing that’s compliant with the major security frameworks of the banking and financial services industry.

    GLBA

    Keep Your Customers’ Data Safe

    GLBA compliance starts with how your organization interacts with its customers. Protecting customer data from being accessed by unauthorized parties must be a priority throughout your organization. 

    Banks and financial institutions must also communicate to customers how their financial data will be used and who it will be shared with. Customers must also be given the opportunity to opt out if they’re not willing to have their information shared with third parties. 

    Sharetru’s Advanced Security and Compliance Add-on provides you with IDS, IPS, and virus and spyware protection so you can share private data with confidence.

    The Gramm-Leach-Bliley Act (GLBA) is also known as the Financial Modernization Act of 1999. It is a U.S. federal law that requires financial institutions to explain how they share and protect their customers’ private information. 

    Part of this law is the Safeguards Rule, which ensures that those under GLBA jurisdiction have specific means to protect private information. According to the rule, GLBA adherents must “develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of customer information.”

    With advanced multistage encryption, comprehensive access control, and a full suite of top-notch security features, our platform sets you up for smooth, GLBA-compliant file sharing.

    How Sharetru Helps You Maintain Compliance

    We follow critical cybersecurity regulations to ensure your data is protected. Our private cloud-based platform provides fast, easy file sharing that meets the standards of major industry compliance frameworks.

    Access Controls

    Enable admins to assign specific access rights to individual user accounts, authorizing users to perform specific actions. You can also restrict site access on a per-user basis, preventing logins from specific IP addresses.
    Multistage Encryption

    Encrypt your data at rest and in transit using current cipher strengths. All file transfers over SFTP are encrypted with AES-256, and FTPS and HTTPS transfers are encrypted with TLS 1.2.

    User Suspension

    Automatically disable authentication for users based on the number of days since their last activity, or suspend them manually with the click of a button. You can also schedule suspensions in advance so you won’t have to remember to do it.
    Multi-Factor Authentication

    Require all users or only specific users to use MFA via OTP, and allow site admins to restrict the delivery methods of One-Time Passcodes to email, SMS, or TOTP mobile apps. You can also allow users to choose the method themselves.
    Delineated Roles

    Segment privileges into three roles — Administrator, Team Manager, and User — to simplify compliance with GLBA. Our platform keeps your data secure by limiting what employees, applications, and system processes can access.

    Immutable Log Files

    Keep immutable audit logs for as long as you need to ensure the security of your data. Admin and file logs help you track user activity throughout the entire system so you always know who took what actions.

    Email Journaling

    Consolidate notifications about your message traffic into an internal mailbox of your choice to create a neatly sorted record of emails for faster access within your company’s email application. You can keep the mailbox private or grant access to selected users.

    User Jailing

    Add an extra layer of security for your site with basic user-to-folder relationships. Configure your sitewide settings so that users can’t access or navigate to any location outside their home folders.
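    User jailing as described above is, at its core, a path-confinement check: every path a user supplies is interpreted relative to that user's home folder, and anything that resolves outside it is refused. The Python script below is an added example written for this page, not Sharetru's own code. It assumes a hypothetical per-user home folder on a POSIX filesystem and builds a throwaway directory layout (constructed for the demo) so that the check can be exercised against "..", absolute paths, not-yet-existing upload targets, and a symlink that points outside the home folder.

```python
from __future__ import annotations

import os
import shutil
import tempfile
from pathlib import Path


def resolve_in_jail(home_dir: str, requested: str) -> Path | None:
    """Resolve a user-supplied path inside the user's home folder.

    The request is always interpreted relative to the home folder, so a
    leading "/" means the home folder itself, never the server's real root.
    Symlinks are resolved before the containment check, so a link that
    points outside the home folder is rejected just like "..".
    Returns the resolved absolute path, or None if it would leave the jail.
    """
    home = Path(home_dir).resolve()
    candidate = (home / requested.lstrip("/\\")).resolve()
    try:
        candidate.relative_to(home)
    except ValueError:
        return None  # request would escape the home folder
    return candidate


def jailed_relative(home_dir: str, requested: str) -> str | None:
    """Return the jailed path relative to the home folder, or None if rejected."""
    resolved = resolve_in_jail(home_dir, requested)
    if resolved is None:
        return None
    return resolved.relative_to(Path(home_dir).resolve()).as_posix()


def build_demo_site() -> dict[str, str | None]:
    """Create a throwaway site layout (constructed for this demo) and run
    representative requests for the hypothetical user 'alice' through the jail."""
    root = Path(tempfile.mkdtemp(prefix="jail-demo-"))
    try:
        alice = root / "home" / "alice"
        bob = root / "home" / "bob"
        (alice / "reports").mkdir(parents=True)
        bob.mkdir(parents=True)
        (alice / "reports" / "q1.csv").write_text("constructed sample data\n")
        (bob / "secret.txt").write_text("another user's file\n")
        # A symlink inside alice's folder that points at bob's folder
        os.symlink(bob, alice / "escape")

        requests = {
            "own_file": "reports/q1.csv",
            "dotdot_inside": "reports/../reports/q1.csv",
            "dotdot_escape": "../bob/secret.txt",
            "absolute_is_home": "/reports/q1.csv",
            "symlink_escape": "escape/secret.txt",
            "new_upload": "reports/new-upload.csv",
        }
        return {name: jailed_relative(str(alice), req) for name, req in requests.items()}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, outcome in build_demo_site().items():
        print(f"{name:18s} -> {'DENIED' if outcome is None else outcome}")
```

    The important design choice is that containment is checked on the fully resolved path rather than on the string the user typed: string filtering of ".." misses symlinks, and a symlink created inside the home folder can otherwise point anywhere on the host. Running the script prints an allow/deny outcome for each constructed request.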

    SOX

    Establish Controls to Enable Compliance

    The goal of all your SOX-based compliance measures should be to protect all financial data. Many companies take the step of encrypting all of their sensitive financial data, guarding it against unauthorized access. 

    Besides data encryption, your organization should also have appropriate security controls in place to prevent data loss or alteration. Following cybersecurity best practices with regard to granular access controls, user passwords, and file sharing security helps you protect SOX-covered information.

    Our platform provides robust baseline security features out of the box, while our Advanced Security and Compliance Add-on gives you the support you need for SOX-compliant file sharing.

    The Sarbanes-Oxley Act (SOX) was passed in 2002 to ensure the protection of shareholders and citizens from the accounting errors and fraudulent practices of enterprises. It also helps to confirm the accuracy of these businesses’ public disclosures. 

    Since all public companies have to comply with SOX, understanding the steps your organization must take to maintain compliance is essential. To stay SOX-compliant, public companies must:


    • Issue periodic financial statements to be audited by third-party auditors
    • Promptly report to the public any significant changes to the company’s financial situation
    • Establish internal controls to detect and prevent fraud, as well as to preserve the integrity of the company’s financial data
    • Provide an annual management assessment of internal controls to be approved by third-party auditors

    PCI-DSS

    Be Confident in Your PCI-DSS Compliance

    All of our servers are located within a highly secure data center in the U.S. Those servers also live within a cloud infrastructure that is both PCI compliant and certified by VISA. 

    Sharetru enables you to restrict access to users, assign a unique ID or login to each employee, and limit physical access to sensitive data. For advanced protection, our customers’ file sharing sites are hosted behind hardware and software firewalls. 

    With our platform, you also have the ability to require your users to connect to your file sharing site using encrypted protocols with no exceptions, keeping your customer data safe and sound.

    The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements governing the security of account data for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. 

    Information such as account numbers, cardholder names, expiration dates, and other payment details falls under the requirements of PCI-DSS. These requirements are particularly necessary for the healthcare and financial services industries, where a data breach could result in identity theft and irreparable damage to a company’s reputation.

    Sharetru provides every possible control for you to securely safeguard cardholder information compliant with PCI-DSS security standards.

    Steer Clear of Expensive Damages

    Executives may be ordered to pay up to $1 million in fines and could be imprisoned for 10 years for knowingly certifying financial reports that don't comply with SOX requirements.

    Violations of GLBA can also result in expensive penalties and jail time, such as:

    • $100,000 fines levied on financial institutions for each violation
    • $10,000 fines to be paid by individuals in charge for each violation
    • Up to 5 years in prison for individuals found in violation

    Fines for violating PCI-DSS typically range from $5,000 to $100,000 per month and can be increased based on the period of non-compliance. 

    That’s why it’s absolutely essential that your data storage and transfer platform helps you cover all your bases when it comes to compliance. Sharetru does exactly that and more.

    In addition to shielding your organization from significant financial penalties, complying with GLBA, SOX, and PCI-DSS protects nonpublic information. This in turn builds trust and loyalty, supporting your customer retention.

    Because of the onslaught of malware and ransomware attacks on financial institutions, having a robust cybersecurity defense is vital to your business. Most security threats come from within an organization, so it’s important to be able to track your users’ activity quickly, which our platform enables you to do.

    The potential fines your organization could face for violations of GLBA, SOX, or PCI-DSS are considerable. It’s crucial that you equip your organization with a secure file sharing solution like Sharetru, which makes it much easier to comply with these key frameworks.

    Helping You Meet the Control Objectives

    The latest version of PCI-DSS identifies 12 requirements for compliance, which are organized into six related control objectives. With our platform, you can be sure you’re meeting those requirements when you store and transfer data from anywhere in the world.

    Build and Maintain a Secure Network

    To decrease the risk of unauthorized access, we never use default system passwords. We also maintain a secure firewall at the perimeter of our network to protect your customer data from breaches.

    Protect Cardholder Data

    All platform subscriptions include encrypted protocols, and you can control the use of encrypted transmission. We recommend encrypting files before upload, and we also offer automated server-side encrypted storage.

    Maintain a Vulnerability Management Program

    To further reduce the risk of compromising your customer data, we reinforce the security of our platform by configuring our office systems, such as Windows desktops, with regularly updated anti-virus software.

    Implement Strong Access Control Measures

    Our platform enables you to assign unique login IDs to users. We operate in a high-security data center that requires biometric, card, and PIN verification for physical access, and our servers are kept inside locked cabinetry.

    Regularly Monitor and Test Networks

    To help you track and monitor all access to network resources and customer data, we log all historical access activity and make those detailed logs available to you at all times. We also routinely test our system for vulnerabilities.

    Maintain an Information Security Policy

    Our security policy helps ensure that your folders and data transmissions are secured, that your users comply with essential controls such as password strength and encrypted transmissions, and that your auditors can verify all of it.


    Let Us Show You

    You don’t have to just take our word for it. We’ve been leading the charge in secure online file sharing since the beginning, and we’d love to show you how we do it. Schedule your demo today.
