Skip to the content


Did you know that the FTC Safeguards Rule was recently updated?

The Federal Trade Commission's (FTC) Safeguards Rule stipulates that financial institutions must develop, implement, and sustain an information security program to shield sensitive customer data from external threats.

The FTC has expanded the definition of 'financial institutions' to encompass any organization engaged in activities that are financial in nature, with the exception of banks. This broad definition now includes all businesses that handle customer financial information, offer credit, transfer money between consumers, or impose fees for facilitating financial transactions.

Meet the FTC Safeguards Rule Requirements

Whittlesey has everything you need to stay compliant with all nine requirements of the FTC Safeguards Rule for financial businesses. 

The FTC outlines nine crucial safeguards:

1.  Designate a qualified individual responsible for overseeing and implementing your information security program.

2.  Base your information security program on a risk assessment.

3.  Design and implement safeguards to control risks.

4.  Regularly test or otherwise monitor the effectiveness of the safeguards' key controls.

5.  Implement information security policies and procedures.

6.  Oversee service providers to ensure they comply with safeguards.

7.  Evaluate and adjust your information security program in accordance with testing and monitoring results.

8.  Establish a written incident response plan.

9. Write and communicate an annual report detailing the status of your information security program.

We can help your financial business comply with the FTC Safeguards Rule, no matter your current level of security. Contact us today to find out more.


Follow Us

For our thoughts on the industries we serve and firm updates, follow us on LinkedIn.

Schedule a Call

Contact our Whittesey Cyber Team for a consultation.