The Federal Trade Commission (FTC) "Standards for Safeguarding Customer Information" (commonly referred to as the Safeguards Rule) is a set of requirements issued under Section 501(a) of the Gramm-Leach-Bliley Act (GLBA). It requires financial institutions (now including dealerships) to implement and maintain a comprehensive, documented information security program. Intended to protect consumer information and to mitigate identity theft, privacy violations, and misuse of confidential data, the Safeguards Rule was issued in 2002 and officially took effect on May 23rd, 2003.
By now, all financial institutions and dealerships have become familiar with the requirements of the Safeguards Rule, which requires organizations to develop, implement, and maintain a comprehensive written information security program. By December 9, 2022, however, the Revised Safeguards Rule will require organizations to revise their information security programs and implement new compliance measures.
December 9, 2022 - Required Revisions Take Effect
Effective December 9, 2022, financial institutions (including dealerships) are required to revise their information security programs and implement new security measures, including annual periodic penetration testing or continuous monitoring of information systems, to remain compliant.
Note: Organizations must take steps throughout 2022 and in advance of this date to comply by this deadline.
The FTC published revisions to the Safeguards Rule (also referred to as the Revised Safeguards Rule or Revised Rule), which expanded upon the rule and added new requirements.
Original Safeguards Rule
Requirement of conducting risk assessments.
Requirement of regular testing and/or monitoring of key controls, systems, and procedures used to protect client information.
Assessments must be conducted regularly going forward.
Testing must be done with the goal of detecting actual and attempted attacks or intrusions on information systems.
Our testers are certified professionals, ready to help you uncover exploitable security vulnerabilities and meet FTC Safeguards Rule requirements. At the end of your project, we will deliver a comprehensive report of our findings, including remediation recommendations. We even offer remediation re-testing for FREE for up to six findings, within six months of project completion. Schedule a call with our team to discuss your unique security needs.