
GLBA to ISO 27001 crosswalk

A control-by-control mapping between the GLBA Safeguards Rule (16 CFR Part 314, §314.4) and ISO/IEC 27001:2022 Annex A controls. 9 mappings.

| GLBA (16 CFR 314) | ISO/IEC 27001:2022 | Relationship | Source | Notes |
| --- | --- | --- | --- | --- |
| §314.4(a) Designate a qualified individual | A.5.1 Policies for information security | Related | Curated | Security governance and policy |
| §314.4(c)(1) Access controls | A.5.15 Access control | Equivalent | Curated | Access control and identity |
| §314.4(c)(1) Access controls | A.5.16 Identity management | Equivalent | Curated | Access control and identity |
| §314.4(c)(3) Encryption of customer information | A.8.24 Use of cryptography | Equivalent | Curated | Cryptography and data protection |
| §314.4(c)(8) Monitoring and logging of authorized user activity | A.8.16 Monitoring activities | Equivalent | Curated | Logging, monitoring and detection |
| §314.4(c)(8) Monitoring and logging of authorized user activity | A.8.15 Logging | Equivalent | Curated | Logging, monitoring and detection |
| §314.4(d) Regularly test or monitor safeguards | A.8.8 Management of technical vulnerabilities | Partial | Curated | Vulnerability management |
| §314.4(h) Incident response plan | A.5.24 Information security incident management planning and preparation | Partial | Curated | Incident response and breach notification |
| §314.4(h) Incident response plan | A.5.26 Response to information security incidents | Partial | Curated | Incident response and breach notification |

Mappings marked "Official" derive from standards-body informative references; mappings marked "Curated" are authored by Cyber Compliance and provided for guidance only. A "Partial" relationship means the ISO control covers only part of the GLBA requirement (for example, A.8.8 addresses vulnerability management but not the full scope of §314.4(d)'s testing and monitoring obligation), so it should not be treated as evidence of complete coverage on its own.