FTC Safeguards Custom Security Program

For organizations looking to outsource as much of the compliance burden as possible to BPM’s security experts, our Custom Offering builds upon the previous Managed Program by supporting you through ongoing program management. As a Managed Program customer, BPM consultants will provide all of the previous and also perform the following:

Quarterly Program Review consisting of:
- Customer Information risk review and reporting
- Program collateral updates to reflect minor business changes that may occur over the life of your program
- A quarterly program brief to your organization’s leadership and/or security program stakeholders
Annual Cybersecurity Risk Assessment
Annual Penetration Test
Annual Board-Level Program Update

In addition to these service options, the Secentric-BPM partnership provides various custom consulting and managed services to solve nearly any other challenge your security program might face. Please contact us if you have questions about these or other cybersecurity solutions for your business.

Contact us to discuss pricing:

We don’t try to make complex security programs fit your business. Our packages meet your organization where it's at today in the FTC Safeguard journey.

What could the FTC Safeguards Custom Security Program include?

Managed Endpoint
Managed Infrastructure
Infrastructure Security Monitoring
Managed Data Backup
Managed Data Recovery
Pre-recorded Annual Cybersecurity Training Video
Custom Annual Cybersecurity Training
…and more

Cybersecurity Programs for FTC GLBA Safeguards Rule FAQ:

Does the FTC Safeguards Rule matter for my business?

According to the Code of Federal Regulations, § 314.2(h), if your business assists with loans or financing options, then yes, the FTC requirements apply to your business and compliance is required by June 9, 2023.

Is FTC Safeguards Rule compliance something that can wait until later?

Unfortunately, no. The deadline is June 9, 2023. This was previously extended from the original compliance date of December 9, 2022.

Is FTC Safeguards Rule compliance out of reach and unaffordable for my businesses?

No, it’s not. With the right plan, even small companies can implement prudent and affordable measures that achieve the required safeguards. Secentric makes compliance not only possible, but affordable and effective for small businesses.

What Areas Should a FTC GLBA Safeguards Rule Security Policy Cover?

A security policy that addresses FTC Safeguards Rule requirements will have several areas of focus. Secentric’s workflow assisted policy development will help you understand these requirements and construct a policy that’s tailored to fits your business. Essential topics to address in security policies for the FTC Safeguards Rule include:

Designate a Qualified Individual to implement and supervise your company’s information security program.
Conduct a risk assessment.
Design and implement safeguards to control the risks identified through your risk assessment.
Regularly monitor and test the effectiveness of your safeguards.
Train your staff
Monitor your service providers.
Keep your information security program current.
Create a written incident response plan.
Require your Qualified Individual to report to your Board of Directors.
Learn more at § 314.4 of the Safeguards Rule

How Can Businesses Comply With the FTC Safeguards Rule and Protect Themselves From Cyberattacks?

There are several fundamental practices a business can implement to improve their cybersecurity and achieve compliance with the FTC Safeguards Rule. One of the purposes and benefits of a security policy for your small business is that it sets up the structure for your security program and makes clear your expectations regarding areas such as:

Technical requirements
Security processes
Employee training and awareness
Expected behaviors

Each of these required topics are part of the FTC Safeguards Rule. Secentric will guide you through each of these areas to ensure the development of a comprehensive, compliance-ready policy!

Cybersecurity is not a one-and-done, overnight exercise. Keeping your business safe and secure is an ongoing process. At Secentric, we can help you create a cybersecurity policy and program that is purpose-built for your business and your needs.