FTC Guidelines – what you need to know
The Federal Trade Commission (FTC) Safeguards Rule requires financial institutions, including accounting firms, to have measures in place to protect the security, confidentiality, and integrity of customer information. This includes developing and implementing a written information security plan that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the firm and the nature and scope of its activities. Some specific requirements of the Safeguards Rule include:
- Designating an employee or employees to coordinate the firm’s information security program.
  - Even if working with external partners, an employee must be responsible for this program.
- Identifying and assessing the risks to customer information in each relevant area of the firm’s operation and designing and implementing safeguards to control these risks.
  - Identify where customer data is stored. Who has access to this data? What software applications store this data? What controls are in place for monitoring access to this data?
- Protecting against any anticipated threats or hazards to the security or integrity of customer information.
  - What type of security do you have on your workstations, network, and cloud infrastructure? Is access to this information monitored?
- Protecting against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.
  - What security do you have on your cloud resources? How would you notify clients in the event of a breach?
- Ensuring that service providers that handle customer information on the firm’s behalf are contractually bound to implement and maintain appropriate safeguards.
  - Have Business Partnership agreements with your vendors. What security protocols are in place at your vendors?
By complying with the FTC Safeguards Rule, accounting firms can help ensure the security and confidentiality of customer information and protect against potential data breaches. If your firm needs assistance with your FTC safeguards compliance, visit https://plus1technology.com/ftc-safeguards/