Meet the requirements of the FTC Safeguards Rule while managing compliance with ALL of your IT Security requirements . . . regardless of source.
What is the FTC Safeguards Rule
The best way to get “schooled up” on the FTC Safeguards Rule is to go to the source. Technically, this rule is part of the Code of Federal Regulations, Title 16, Chaper 1, Subchapter C, Part 314 (Standards for Safeguarding Customer Information. This part implements sections 501 and 505(b)(2) of the Gramm-Leach-Bliley Act.
But if you don’t want to get into the weeds of a ton of regulatory lingo, we’ll summarize what you need to know, and how our software can help you navigates the waters of the regulation, and comply with all of its requirements, without having to be a regulatory expert.
The Rule requires covered entities to “develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.”
In a nutshell, the objectives of the Rule are:
Even though the FTC regulates Financial Institutions, this rule impacts a wide range of “peripheral” companies that have access to personal finanical information through their daily course of business.
Here are some examples:
While no small business is completely except from the FTC Safeguards Rule, there are fewer requirements for organizations that have fewer than 5,000 customers.
For example, if you maintain customer information concerning fewer than five thousand consumersWhile these exceptions make it significantly easier for smaller organizations to comply with the rule, there are still dozens of other requirements that apply to you. Compliance Manager GRC includes a separate variant of the FTC Safeguards Rule specifically for organizations that fall under this category.
The built-in FTC Safeguards Rule Compliance Management Template allows you to quickly determine which requirements you already meet, identify the gaps, and automatically prepare all of the documents you need to comply with the regulation.
You can use your existing IT security and privacy tools to implement the required safeguards specified by the Rule, but Compliance Manager GRC includes some additional specialized functionality you will need to fully comply.
Here are a few of the value-added features included with Compliance Manager GRC the apply to this standard:
• Rapid Baseline Assessments – Quickly identify gaps in any safeguards required for compliance • Technical Risk Assessments – Full risk assessment (required under Part 314.4 (b)) • Policies & Procedures Manual – Required documentation (Part 314.4 (c)(8)) • Employee Awareness Training Portal – Tracking and reporting (required under Part 314.4 (e)(1)) • Customizable standards and controls — allowable under Part 314.4 (c)a • Role-based access — required under Part 314.4 (c)(1) • Automated Documentation & Reporting – (required under Part 314.4 (i)) • Vendor Management Portal – (required under Part 314.4 (f) to oversee service providers. • Auditor’s Checklist – Easy access for FTC auditors to quickly satisfy their reporting requirementsBest of all, you can use this same platform to manage compliance with all of your other IT requirements — including compliance other government and industry rules and regs, with the security terms of your cyber insurance policy, and even compliance with your own internal IT policies
COMPLETE: ALL-IN-ONE SOLUTIONWhether complying with the FTS Safeguards Rule, tracking terms of your cyber risk insurance policy, or making sure your own IT policies and procedures are being followed, Compliance Manager GRC helps you Get IT All Done at the same time, and in the same place. No other Compliance Management software gives you this kind of flexibility .
AUTOMATED: ASSESSMENTS & REPORTSAssuring compliance with the FTC Safeguards Rule – and all your other IT requirements – is easy with Compliance Manager GRC. You can get more work done with less labor, thanks to automated data collection, automated management plans, and automated document generation .
AFFORDABLE FOR ALLCompliance Manager GRC is priced to be affordable for the smallest organizations, yet boasts the power and functionality most often found in expensive, enterprise-class governance, risk and compliance platforms. Whether you are managing compliance for your own organization, or are an MSP delivering compliance-as-a-service, there’s a sensible subscription for you.
Request a Demo today and discover the advantages of Compliance Manager GRC — the purpose-built compliance process management platform for multifunctional IT professionals.
