The FTC Safeguards Rule: Get the Cybersecurity You Need to Be Defensible
Your Cybersecurity Plan Starts Here
Protecting your business starts with protecting your sensitive data. TPx can help you create and maintain a cybersecurity program aligned with FTC Safeguards requirements.
What is the FTC Safeguards Rule?
According to the Federal Trade Commission (FTC), the Safeguards Rule requires institutions that engage in significant financial activities to have measures in place to keep customer information secure. Companies that are non-compliant can face costly penalties.
To learn more about the FTC Safeguards Rule, download our FTC Safeguards Rule Compliance Guide.
Who is Impacted by the FTC Safeguards Rule?
Any entity that engages in significant financial activities needs to comply with the FTC Safeguards Rule. This includes non-banking financial institutions such as mortgage brokers, financial advisors, and auto dealerships, to name a few. Businesses with fewer than 5,000 customer records are exempt from certain requirements, but still need to follow certain provisions of the rule.
View the FTC’s guidelines for more information on whether your organization falls under the FTC Safeguards Rule.
Become Defensible With the FTC Safeguards Rule
Develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. Your information security program must be written and it must be appropriate to the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the information at issue.
To learn about the specific actions you must take, download our FTC Overview Infographic.
Can you answer "Yes" to all the questions below?
If not, let the security experts at TPx help your organization be more prepared and secure. Get in touch with our experts using the form below.
- Has your organization designated a qualified individual to supervise information security efforts?
- Has your organization run a vulnerability assessment every 6 months and a penetration assessment annually?
- Are your current data inventory efforts (storage, backup, etc.) designed to keep an accurate and consistent list of company data?
- Is multifactor authentication (or two-factor authentication) required for all systems and employees accessing the network?
- Is your staff trained on information security awareness in a continuous manner (multiple times a month, every month)?
- Does your organization currently have a documented and defined Incident Response Plan?
- Have you validated the security of your IT service providers?
- Is your organization disposing of customer information no later than two years after its most recent use?
- Are you continuously monitoring your systems?
- Has your designated qualified individual summarized the state of your security program for leadership of your organization?
Just Because You are Compliant Today Doesn’t Mean the Work is Over
Cybersecurity isn’t something you can set and forget. While the FTC Safeguards deadline to become compliant may have passed, the real work begins. Your business needs to continuously monitor, manage, and maintain your cybersecurity plan in order to remain compliant under FTC Safeguards Rule guidelines. You could be officially audited and fined by the FTC if your business is found with any violations. TPx can help you remain defensible.
How TPx Helped a Legal Firm Become Defensible for the FTC Safeguards Rule
The Safeguards Rule requires institutions that engage in significant financial activities to have measures in place to keep customer information secure. All the requirements can be overwhelming and expensive for many businesses, so TPx has services to make it easy and affordable.
Helping Businesses Everywhere Strengthen Their Security Posture
"We decided to bring TPx to help with FTC Safeguards Rule Compliance. The new rule was too complex for our small business. TPx assessed our security program with a gap assessment and helped us create various security policies to give us the peace of mind that we sought. This process was not easy initially, but TPx has made it very manageable. We are grateful to have the weight lifted off our shoulders and be able to run the daily operations."
Maryrose Diaz, Credit Collection Compliance Officer (CCCO)(CCCP)(PCS), Grant Mercantile Agency, Inc.
“We get what we pay for and more with TPx’s comprehensive cybersecurity expertise. We consider them a long-term partner.”
Jaz Jackson, Executive Administrator, Grower’s Secret
“Being accountable to my board for making wise financial decisions that impact the budget and especially picking a vendor with the technical and managerial prowess to protect our organization from the growing threats in the InfoSec area is important. We accomplished both with TPx.”
Scott Purcell, CEO, ACA International
Trusted Cybersecurity Services for Every Business
FTC Safeguards Rule Compliance Guide
As security threats continue to evolve and become much more sophisticated, businesses need to ensure their data and environment are secure. The Safeguards Rule helps do just that.
How TPx Can Help
TPx can help you create and maintain a cybersecurity program aligned with FTC Safeguards requirements. We have different solutions depending on the individual needs of each business.
Prepare your Business for the Safeguards Rule
Do you have any questions about how to remain defensible in accordance with FTC Safeguards Rule requirements? Schedule a free consultation with our security experts. We can answer any of your questions.
FTC Safeguards Rule FAQ
The Safeguards Rule requires any institutions engaged in significant financial activities to have measures in place to keep customer information secure.
The Safeguards Rule requires all non-banking financial institutions to comply. However, the definition of “financial institution” can be confusing, as it encompasses any business, regardless of size, that is “significantly engaged” in providing financial products or services. This includes check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, and courier services.
According to the Code of Federal Regulations, § 314.2(h), if your institution is engaged in significant financial activities, the FTC requirements apply to your business and compliance is required by June 9, 2023.
View the FTC’s guidelines for more information on whether your organization falls under the FTC Safeguards Rule.
The Safeguards Rule requires companies to develop a written information security plan that describes their program to protect customer information. The plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles.
The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operation, including three areas that are particularly important to information security: Employee Management and Training; Information Systems; and Detecting and Managing System Failures.
The new deadline is June 9, 2023. After this deadline, companies can face hefty penalties for non-compliance.
Yes. TPx has affordable plans for companies of all sizes. We can work with you to customize the solution to fit your needs.