Compliance glossary
Definition

FTC Safeguards Rule

A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.

What it means.

The FTC Safeguards Rule (16 CFR Part 314) is a regulation under the Gramm-Leach-Bliley Act that requires financial institutions to develop, implement, and maintain a comprehensive information security program. The rule was significantly updated in 2023 to add specific requirements including designating a Qualified Individual, conducting regular risk assessments, implementing access controls, encrypting customer data, and maintaining an incident response plan. Tax preparers, CPAs, and accounting firms are classified as financial institutions under this rule.

Why it matters for CPA firms.

Non-compliance can result in FTC penalties of up to $53,088 per violation. The 2023 amendments added concrete requirements that many small CPA firms had not previously addressed, including written risk assessments, access control inventories, and incident response plans. Cyber insurers are increasingly requiring documented FTC compliance before issuing or renewing policies.

Relevant regulations.

  • 16 CFR Part 314
  • Gramm-Leach-Bliley Act (GLBA)
  • FTC Act Section 5

How Kompflow helps.

The 58-Control Register module handles this for your firm, personalized to your software, team size, and state requirements.
