
GLBA/FTC Snapshot

You're in financial services. The FTC Safeguards Rule says you need a written security program. We build it: coverage analysis, WISP, risk assessment framework, everything the rule requires.

10 business days
FTC Safeguards Rule aligned
Board-ready documentation
Get Started — $1,990

This is for you if:

  • You're in financial services and need to comply with the Safeguards Rule
  • You don't have a Written Information Security Program (WISP)
  • Your board or investors are asking about GLBA compliance
  • The 2023 Safeguards Rule update caught you off guard

  • 9 requirements covered
  • 10 days delivery
  • FTC compliant
  • 100% board-ready

What you get

Coverage Memo

Clear analysis of whether GLBA applies to you, which provisions, and what specifically you need to do.

WISP Template

Written Information Security Program customized to your business. Not a generic template—tailored to how you actually operate.

Risk Assessment Framework

Methodology for identifying and assessing risks to customer information. Documented and repeatable.

Third-Party Oversight Docs

Templates and procedures for managing service providers who access customer data. Required under Safeguards Rule.

Sample WISP Structure

1. Program Overview
2. Designated Coordinator
3. Risk Assessment
4. Safeguards
5. Service Provider Oversight
6. Evaluation & Adjustment
7. Incident Response Plan

Customized to your organization's specific operations

What the Safeguards Rule requires

The FTC's Safeguards Rule has specific requirements for financial institutions. Here's what you need to have documented:

  • Designate a qualified individual to oversee the program
  • Conduct risk assessments
  • Implement safeguards to address identified risks
  • Regularly test and monitor effectiveness
  • Train staff on security awareness
  • Oversee service providers
  • Keep the program current
  • Create a written incident response plan
  • Report to the board (or equivalent)

Common questions

Does GLBA apply to my company?

If you're "significantly engaged" in financial activities—lending, investing, insuring, advising on finances—GLBA likely applies. This includes mortgage brokers, tax preparers, financial advisors, and many fintech companies.

What changed with the Safeguards Rule update?

The FTC updated the Safeguards Rule in 2023 with more specific requirements: encryption, MFA, penetration testing, and documented incident response. Many companies that thought they were compliant now have gaps.

What if we're small?

If you have fewer than 5,000 customer records, some requirements are simplified. But you still need a WISP, risk assessment, and most of the core protections. We'll tailor the scope to your size.

How often do we need to update this stuff?

Risk assessments should be done at least annually or when significant changes occur. The WISP should be reviewed annually. We set you up with a maintenance schedule.

What happens if we're not compliant?

The FTC can fine you up to $50,000 per violation. More practically, regulators are actively enforcing this now. A documented program is your best defense.

Get your GLBA documentation in order.

We build your WISP, risk assessment framework, and compliance documentation. 10 days, $1,990, board-ready.
