FTC Safeguards Rule

Federal Trade Commission’s Standards for Safeguarding Customer Information

Meet the requirements of the FTC Safeguards Rule while managing compliance with ALL of your IT Security requirements . . . regardless of source.

Download Datasheet

Cybersecurity Risk Management for companies that handle personal financial data.

What is the FTC Safeguards Rule

The best way to get “schooled up” on the FTC Safeguards Rule is to go to the source. Technically, this rule is part of the Code of Federal Regulations, Title 16, Chaper 1, Subchapter C, Part 314 (Standards for Safeguarding Customer Information. This part implements sections 501 and 505(b)(2) of the Gramm-Leach-Bliley Act.

But if you don’t want to get into the weeds of a ton of regulatory lingo, we’ll summarize what you need to know, and how our software can help you navigates the waters of the regulation, and comply with all of its requirements, without having to be a regulatory expert.

The Federal Standard for safeguarding customer information.

The Rule requires covered entities to “develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.”

In a nutshell, the objectives of the Rule are:
  • Insure the security and confidentiality of customer information;
  • Protect against any anticipated threats or hazards to the security of such information; and
  • Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

What Organizations Are Covered

Even though the FTC regulates Financial Institutions, this rule impacts a wide range of “peripheral” companies that have access to personal finanical information through their daily course of business.
Here are some examples:
  • Tax preparers and accountants
  • Investment advisors
  • Real estate and property appraisers
  • Finance companies that offer consumer loans
  • Automobile dealers that lease their cars
  • Payday lenders
  • Check cashers
  • Financial account servicers
  • Wire transferors
  • Collection agencies
  • Credit, debt, and career counselors
  • Check printers
  • Travel agencies
  • Colleges and universities
  • Online marketplaces and web sites for buyers and sellers
  • Community Banks
  • Credit unions
  • Mortgage lenders
  • Mortgage brokers
Exceptions To The Rule
The above is a general list, and there are other types of businesses that may be covered by the Rule. There are specific exceptions, as well, for organizations that may be involved in financial transactions, but aren’t “significantly engaged” in financial activities.
Examples of these exceptions written into the rule are:
  • A retailer is not a financial institution if its only means of extending credit are occasional “lay away” and deferred payment plans or accepting payment by means of credit cards issued by others.
  • A merchant is not a financial institution merely because it allows an individual to “run a tab.”
  • A grocery store is not a financial institution merely because it allows individuals to whom it sells groceries to cash a check, or write a check for a higher amount than the grocery purchase and obtain cash in return.

Also, while no small business is completely except from the FTC Safeguards Rule, there are fewer requirements for organizations that have fewere than 5,000 customers.

Featured Product Highlights For This Standard

The built-in FTC Safeguards Rule Compliance Management Template allows you to quickly determine which requirements you already meet, identify the gaps, and automatically prepare all of the documents you need to comply with the regulation.
You can use your existing IT security and privacy tools to implement the required safeguards specified by the Rule, but Compliance Manager GRC includes some additional specialized functionality you will need to fully comply.

Here are a few of the value-added features included with Compliance Manager GRC the apply to this standard:

• Rapid Baseline Assessments – Quickly identify gaps in any safeguards required for compliance
• Technical Risk Assessments – Full risk assessment (required under Part 314.4 (b))
• Policies & Procedures Manual – Required documentation (Part 314.4 (c)(8))
• Employee Awareness Training Portal – Tracking and reporting (required under Part 314.4 (e)(1))
• Customizable standards and controls — allowable under Part 314.4 (c)a
• Role-based access — required under Part 314.4 (c)(1)
• Automated Documentation & Reporting – (required under Part 314.4 (i))
• Vendor Management Portal – (required under Part 314.4 (f) to oversee service providers.
• Auditor’s Checklist – Easy access for FTC auditors to quickly satisfy their reporting requirements

Best of all, you can use this same platform to manage compliance with all of your other IT requirements — including compliance other government and industry rules and regs, with the security terms of your cyber insurance policy, and even compliance with your own internal IT policies


Whether complying with the FTS Safeguards Rule, tracking terms of your cyber risk insurance policy, or making sure your own IT policies and procedures are being followed, Compliance Manager GRC helps you Get IT All Done at the same time, and in the same place. No other Compliance Management software gives you this kind of flexibility .


Assuring compliance with the FTC Safeguards Rule – and all your other IT requirements – is easy with Compliance Manager GRC. You can get more work done with less labor, thanks to automated data collection, automated management plans, and automated document generation .


Compliance Manager GRC is priced to be affordable for the smallest organizations, yet boasts the power and functionality most often found in expensive, enterprise-class governance, risk and compliance platforms. Whether you are managing compliance for your own organization, or are an MSP delivering compliance-as-a-service, there’s a sensible subscription for you.

Request a Demo today and discover the advantages of Compliance Manager GRC — the  purpose-built compliance process management  platform for multifunctional IT professionals.

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money
Get a Demo