FTC Safeguards Rule

Federal Trade Commission’s Standards for Safeguarding Customer Information

Meet the requirements of the FTC Safeguards Rule while managing compliance with ALL of your IT Security requirements . . . regardless of source.

Download Datasheet

Cybersecurity Risk Management for companies that handle personal financial data.

What is the FTC Safeguards Rule

The best way to get “schooled up” on the FTC Safeguards Rule is to go to the source. Technically, this rule is part of the Code of Federal Regulations, Title 16, Chaper 1, Subchapter C, Part 314 (Standards for Safeguarding Customer Information. This part implements sections 501 and 505(b)(2) of the Gramm-Leach-Bliley Act.

But if you don’t want to get into the weeds of a ton of regulatory lingo, we’ll summarize what you need to know, and how our software can help you navigates the waters of the regulation, and comply with all of its requirements, without having to be a regulatory expert.

The Federal Standard for safeguarding customer information.

The Rule requires covered entities to “develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.”

In a nutshell, the objectives of the Rule are:
  • Insure the security and confidentiality of customer information;
  • Protect against any anticipated threats or hazards to the security of such information; and
  • Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

What Organizations Are Covered

Even though the FTC regulates Financial Institutions, this rule impacts a wide range of “peripheral” companies that have access to personal finanical information through their daily course of business.
Here are some examples:
  • Tax preparers and accountants
  • Investment advisors
  • Real estate and property appraisers
  • Finance companies that offer consumer loans
  • Automobile dealers that lease their cars
  • Payday lenders
  • Check cashers
  • Financial account servicers
  • Wire transferors
  • Collection agencies
  • Credit, debt, and career counselors
  • Check printers
  • Travel agencies
  • Colleges and universities
  • Online marketplaces and web sites for buyers and sellers
  • Community Banks
  • Credit unions
  • Mortgage lenders
  • Mortgage brokers
Small Business Variant To The Rule
While no small business is completely except from the FTC Safeguards Rule, there are fewer requirements for organizations that have fewer than 5,000 customers.
For example, if you maintain customer information concerning fewer than five thousand consumers
  • You do not need to have a designated “Qualified Individual” on staff to manage compliance
  • You must perform a regular assessment, but it does not need to be fully documented in advance
  • The security measures that must be implemented are significantly reduced
  • You are not required to perform your own assessment of your outsourced IT service provider
  • You don’t need an incident response plan, nor do you need a qualified individual to annually report findings to your board of directors.

While these exceptions make it significantly easier for smaller organizations to comply with the rule, there are still dozens of other requirements that apply to you. Compliance Manager GRC includes a separate variant of the FTC Safeguards Rule specifically for organizations that fall under this category.

Featured Product Highlights For This Standard

The built-in FTC Safeguards Rule Compliance Management Template allows you to quickly determine which requirements you already meet, identify the gaps, and automatically prepare all of the documents you need to comply with the regulation.
You can use your existing IT security and privacy tools to implement the required safeguards specified by the Rule, but Compliance Manager GRC includes some additional specialized functionality you will need to fully comply.

Here are a few of the value-added features included with Compliance Manager GRC the apply to this standard:

• Rapid Baseline Assessments – Quickly identify gaps in any safeguards required for compliance
• Technical Risk Assessments – Full risk assessment (required under Part 314.4 (b))
• Policies & Procedures Manual – Required documentation (Part 314.4 (c)(8))
• Employee Awareness Training Portal – Tracking and reporting (required under Part 314.4 (e)(1))
• Customizable standards and controls — allowable under Part 314.4 (c)a
• Role-based access — required under Part 314.4 (c)(1)
• Automated Documentation & Reporting – (required under Part 314.4 (i))
• Vendor Management Portal – (required under Part 314.4 (f) to oversee service providers.
• Auditor’s Checklist – Easy access for FTC auditors to quickly satisfy their reporting requirements

Best of all, you can use this same platform to manage compliance with all of your other IT requirements — including compliance other government and industry rules and regs, with the security terms of your cyber insurance policy, and even compliance with your own internal IT policies


Whether complying with the FTS Safeguards Rule, tracking terms of your cyber risk insurance policy, or making sure your own IT policies and procedures are being followed, Compliance Manager GRC helps you Get IT All Done at the same time, and in the same place. No other Compliance Management software gives you this kind of flexibility .


Assuring compliance with the FTC Safeguards Rule – and all your other IT requirements – is easy with Compliance Manager GRC. You can get more work done with less labor, thanks to automated data collection, automated management plans, and automated document generation .


Compliance Manager GRC is priced to be affordable for the smallest organizations, yet boasts the power and functionality most often found in expensive, enterprise-class governance, risk and compliance platforms. Whether you are managing compliance for your own organization, or are an MSP delivering compliance-as-a-service, there’s a sensible subscription for you.

Request a Demo today and discover the advantages of Compliance Manager GRC — the  purpose-built compliance process management  platform for multifunctional IT professionals.

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money
Get a Demo