9 Elements of FTC Safeguards
Security Program
The FTC Safeguards Rule outlines 9 separate components required for compliance. Each section listed below is a brief description of the core idea for each element followed by a direct link to the actual standard.
1. Designate a Qualified Individual
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(a)
2. Perform and document risk assessment
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(b)
3. Apply Controls
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(c)
4. Validate controls
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(d)
5: Develop Training/Auditing Program
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(e)
6. Monitor Service Providers
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(f)
7. Develop Continuous Improvement Cadence
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(g)
8. Document Incident Response Plan
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(h)
9. Provide Annual Reporting to Senior Leadership
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#p-314.4(i)