Compliance as a Service

Keeping Your Data Security FTC Compliant

Maintaining customer financial data comes with legal responsibilities and potential liability.

Do you know if your system meets FTC requirements?

Safeguard Comply provides regular reviews of your data security systems. We identify gaps and help you implement solutions, so you stay in compliance with FTC regulations.

You focus on your business, and we’ll focus on your compliance.

FTC Standards

Nine Steps to FTC Compliance

In June 2023, the Federal Trade Commission (FTC) established new standards for data security for non-banking entities that handle customer financial data. The regulations apply to mortgage brokers, CPA firms, registered investment advisors, car dealerships, and more.

Unfortunately, data breaches are a regular occurrence. They can open your business up to civil and criminal prosecutions, especially if your security system is not in compliance with FTC regulations.

The FTC standards outline nine steps for businesses to develop and implement in their data security plans.

Responsibility

Identify an individual who is responsible for planning, implementing, and overseeing the plan. This person owns the plan, its management, and reporting.

Risk Assessment

Take a close look at internal and external threats to your customers’ private information. If your business manages data for 5,000 customers or more, your risk assessment must be in writing. Even if you don’t have 5,000 customers, this provision may still apply to you. We suggest that companies of any size have a written assessment.

Establish Safeguards

Review threats identified in the risk assessment and discuss how they can be mitigated.
Safeguards to consider include:

  • Password strength requirements and company policies
  • Inactivity locks on device screens
  • Electronic file storage systems, along with onsite cabinets and data storage rooms
  • Encryption systems for data that is transmitted electronically
  • Monitoring of inbound and outbound data transfers and access
  • Shredding and disposal policies for documents and computer hardware
  • Software updates and virus protection
  • Firewalls
  • Removal of systems access for terminated employees
  • Data access, use, and transportation for remote work
  • Access to data on public networks
  • Identification processes for information requests from customers or third parties
  • Rules regarding nonmonitored personal devices for accessing customer information
  • Access by cleaning and building maintenance staff or other service providers not under direct contract
  • Vendor engagement and monitoring

Testing and Monitoring

The FTC requires that you test your system every six months, or more often if there has been a “material impact” on your data or if your business has undergone “material changes.”

Staff Training and Auditing

Making sure staff fully understand data protection rules and the reasons for them is critical for your security plan’s success. Hold regular refreshers so that staff know the rules and understand the implications of a data breach.

Assessment of Service Providers

Not only must you keep your own house in order, you must make sure that any service providers you use are also in compliance. Reassess their services and plans regularly.

Continuous Improvement Program

A data security plan should be a living document, not one that collects dust on a shelf. As your business grows and changes, your plan should be reassessed for gaps and potential new threats.

New policies and procedures should be created to address these new risks.

Crisis Plan

Your data security program should include a detailed plan of how your business will respond if a data breach occurs. Roles and responsibilities should be clearly defined. This plan should be reviewed and updated regularly as part of the continuous improvement program.

Internal Reporting

The program should be evaluated annually and a report provided to leadership, outlining potential risks and available mitigation strategies.

Contact Us for a Free Consultation

info@safeguardcomply.com