The annual written report the Qualified Individual must deliver to firm leadership on the status of the information security program.
Board reporting (or QI reporting) is the annual written report that the Qualified Individual must deliver to the firm's board of directors, equivalent governing body, or senior officer in charge, summarizing the overall status of the information security program (16 CFR 314.4(i)). The report covers the current state of the program, risk assessment results, incidents during the year, testing and monitoring outcomes, identified gaps, and recommendations for the coming year. Firms with fewer than 5,000 consumer records are exempt from the written report requirement but still benefit from the discipline.
The board report is the FTC's mechanism for forcing senior accountability. A program nobody reviews tends to atrophy. Producing the report annually surfaces gaps before regulators or insurers do. For small firms with no formal board, the report goes to the managing partner or owner and gets stored alongside the WISP as evidence of governance.
The QI Dashboard (Premium) module handles this for your firm, personalized to your software, team size, and state requirements.
The person designated to oversee and be accountable for your firm's information security program, as required by the FTC Safeguards Rule.
A documented set of policies and procedures describing how your firm protects sensitive client data.
A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.