FTC Safeguards Rule and FISMA Focused Audit and Assessments; we are ready when you are!

The FTC Safeguards Rule applies to financial institutions that are subject to the FTC’s jurisdiction and that aren’t subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805. According to Section 314.1(b), an entity is a “financial institution” if it is engaged in an activity that is financial in nature or is incidental to such financial activities, as described in section 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C. § 1843(k).
Lazarus Alliance Proactive Cyber Security® services minimize performance and operational risks with our industry-leading, innovative, and cost-effective FTC Safeguards Rule-focused services.
Just the facts ...
As the name suggests, the purpose of the Federal Trade Commission’s Standards for Safeguarding Customer Information – the Safeguards Rule, for short – is to ensure that entities covered by the Rule maintain safeguards to protect the security of customer information. The Safeguards Rule took effect in 2003, but after public comment, the FTC amended it in 2021 to make sure the Rule keeps pace with current technology. While preserving the flexibility of the original Safeguards Rule, the revised Rule provides more concrete guidance for businesses. It reflects core data security principles that all covered companies need to implement.
Lazarus Alliance specializes in the implementation and ongoing support of FTC Safeguards Rule programs that align with the Rule’s requirements. We apply a risk-based, top-down approach that drives both efficiency and effectiveness into those programs.
Frequently Asked Questions
Who must comply with the FTC Safeguards Rule?
Financial institutions under FTC jurisdiction that handle customers’ nonpublic personal information (NPI), such as mortgage brokers, tax preparers, non-bank lenders, non-federally insured credit unions, and auto dealers that extend or arrange financing, must comply. Banks and federally insured credit unions answer to their own federal regulators rather than the FTC.
Who conducts FTC Safeguards Rule audits?
Audits are conducted internally by compliance teams or by third-party assessors like Lazarus Alliance. The FTC does not certify programs or perform routine inspections; it enforces the Rule through investigations and enforcement actions, so the assessment record you keep is what demonstrates compliance.
What are the nine elements of the FTC Safeguards Rule?
The nine elements (16 CFR 314.4(a) through (i)) are:
- Designate a Qualified Individual to oversee the program (314.4(a)).
- Conduct and periodically reassess a written risk assessment (314.4(b)).
- Implement safeguards that address the identified risks, including access controls, encryption of customer information in transit and at rest, MFA, secure disposal, and logging (314.4(c)).
- Regularly test and monitor the effectiveness of those safeguards (314.4(d)).
- Train employees and keep security staff current (314.4(e)).
- Oversee service providers that handle customer information (314.4(f)).
- Evaluate and adjust the program as risks and the business change (314.4(g)).
- Establish a written incident response plan (314.4(h)).
- Have the Qualified Individual report in writing to the board at least annually (314.4(i)).
What is the FTC Safeguards Rule risk assessment requirement?
Organizations must perform a written risk assessment that identifies reasonably foreseeable internal and external risks to NPI and reassess it periodically, per 16 CFR 314.4(b). The Rule does not prescribe a methodology; frameworks such as NIST SP 800-30 are commonly used to structure the assessment.
How often are FTC Safeguards Rule audits required?
The Rule does not mandate a formal external audit. It requires the Qualified Individual to report in writing to the board at least annually (16 CFR 314.4(i)), and under 16 CFR 314.4(d)(2) it requires either continuous monitoring of your systems or, failing that, annual penetration testing plus vulnerability assessments at least every six months. Most organizations satisfy this with an annual assessment cycle backed by ongoing control testing.
What are the penalties for FTC Safeguards Rule non-compliance?
Enforcement is by the FTC under GLBA and the FTC Act. It typically takes the form of consent orders that mandate corrective action and years of independent assessments; violating such an order exposes the company to civil penalties (adjusted annually for inflation), and a public enforcement action brings lasting reputational damage.
Find out more by calling +1 (888) 896-7580 today.

Detailed Approach to the FTC Safeguards Rule
Lazarus Alliance’s dedicated IT and operational audit professionals have experience working with a wide variety of industries of all sizes. We partner with you to assist your company in complying with the FTC Safeguards Rule requirements.

Cybervisor™ Consultations
A significant differentiator you will immediately appreciate is our Proactive Cyber Security™ FTC Safeguards Rule compliance audit methodology, which takes a continuous audit approach rather than the end-of-reporting-period “Audit Anarchy” approach used by other firms.
Lazarus Alliance Cybervisors™ assist with FTC Safeguards Rule documentation development, including the written information security program, System Security Plan, policies, procedures, and more.

Start to Finish in Record Time
Our proven FTC Safeguards Rule assessment approach and technology dramatically shorten the completion process. We average a 46% reduction in traditional assessment time thanks to the dedicated Continuum GRC SaaS portal, to which you have 24/7 access, so everyone involved finishes quickly.