FTC Safeguards Rule
Federal Trade Commission’s Standards for Safeguarding Customer Information
Meet the requirements of the FTC Safeguards Rule while managing compliance with ALL of your IT Security requirements . . . regardless of source.


Cybersecurity Risk Management for companies that handle personal financial data.
What is the FTC Safeguards Rule
The best way to get “schooled up” on the FTC Safeguards Rule is to go to the source. Technically, this rule is part of the Code of Federal Regulations, Title 16, Chaper 1, Subchapter C, Part 314 (Standards for Safeguarding Customer Information. This part implements sections 501 and 505(b)(2) of the Gramm-Leach-Bliley Act.
But if you don’t want to get into the weeds of a ton of regulatory lingo, we’ll summarize what you need to know, and how our software can help you navigates the waters of the regulation, and comply with all of its requirements, without having to be a regulatory expert.
The Federal Standard for safeguarding customer information.
The Rule requires covered entities to “develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.”
- Insure the security and confidentiality of customer information;
- Protect against any anticipated threats or hazards to the security of such information; and
- Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

What Organizations Are Covered
- Tax preparers and accountants
- Investment advisors
- Real estate and property appraisers
- Finance companies that offer consumer loans
- Automobile dealers that lease their cars
- Payday lenders
- Check cashers
- Financial account servicers
- Wire transferors
- Collection agencies
- Credit, debt, and career counselors
- Check printers
- Travel agencies
- Colleges and universities
- Online marketplaces and web sites that together buyers and sellers
- Community Banks
- Credit unions
- Mortgage lenders
- Mortgage brokers

- A retailer is not a financial institution if its only means of extending credit are occasional “lay away” and deferred payment plans or accepting payment by means of credit cards issued by others.
- A merchant is not a financial institution merely because it allows an individual to “run a tab.”
- A grocery store is not a financial institution merely because it allows individuals to whom it sells groceries to cash a check, or write a check for a higher amount than the grocery purchase and obtain cash in return.
Also, while no small business is completely except from the FTC Safeguards Rule, there are fewer requirements for organizations that have fewere than 5,000 customers.

Featured Product Highlights For This Standard
Here are a few of the value-added features included with Compliance Manager GRC the apply to this standard:
Best of all, you can use this same platform to manage compliance with all of your other IT requirements — including compliance other government and industry rules and regs, with the security terms of your cyber insurance policy, and even compliance with your own internal IT policies
Request a Demo today and discover the advantages of Compliance Manager GRC — the purpose-built compliance process management platform for multifunctional IT professionals.
Overcome the Biggest IT Challenges and Responsibilities
- Reduce Risk
- Reduce Complexity
- Save Money