Compliance glossary
Definition

Qualified Individual (QI)

The person designated to oversee and be accountable for your firm's information security program, as required by the FTC Safeguards Rule.

What it means.

A Qualified Individual (QI) is the person designated under the FTC Safeguards Rule to oversee, implement, and enforce your firm's information security program. The QI does not need to be an employee (firms can designate a vCISO, MSP, or outside consultant), but someone must be formally designated in writing. The QI is responsible for reporting to the firm's governing body (or senior officer) on the overall status of the security program, material security risks, and any incidents. Firms with fewer than 5,000 consumer records have a partial exemption from the written QI report requirement.

Why it matters for CPA firms.

The FTC Safeguards Rule requires every covered financial institution to designate a Qualified Individual. This is not optional for firms above the 5,000-record threshold. The QI carries personal accountability for the security program and must provide regular written reports to leadership. Many CPA firms have not formally designated a QI, which is a compliance gap that regulators and insurers can identify.

Relevant regulations.

  • FTC Safeguards Rule (16 CFR 314.4(a))

How Kompflow helps.

The QI Dashboard (Premium) module handles this for your firm, personalized to your software, team size, and state requirements.



Ready when you are

Pick where to start.

Buy the WISP yourself if you need the document.
Talk to us if you want the platform.

30-day money-back on Kompflow WISP
Cancel anytime
No setup fees on any tier
