FTC Safeguards compliance check
Answer 9 quick questions to see where your firm stands.
Takes about 2 minutes. No email required to see your score.
0 of 9
Element 1 of 9 — Qualified individual
Have you designated a specific person responsible for your firm's information security program?
This can be an employee, owner, or outside consultant — but someone must be formally designated.
Element 2 of 9 — Risk assessment
Has your firm conducted a written risk assessment in the past 12 months?
This should identify risks to client data and evaluate current safeguards against those risks.
Element 3 of 9 — Safeguards
Do you have encryption, MFA, and access controls in place for all systems that store client data?
This includes email, file storage, accounting software, and any system with SSNs or financial records.
Element 4 of 9 — Testing
Do you regularly test your security controls through vulnerability scans or penetration testing?
The FTC requires either continuous monitoring or annual penetration testing with biannual vulnerability scans.
Element 5 of 9 — Training
Do all employees receive security awareness training at least once per year?
This includes recognizing phishing emails, password best practices, and data handling procedures.
Element 6 of 9 — Vendor management
Do you verify that your third-party vendors (IT providers, cloud services, payroll) meet security standards?
You should have a process for selecting vendors who maintain safeguards and monitoring their compliance.
Element 7 of 9 — Updates
Do you update your security program whenever there's a major change to your systems, staffing, or operations?
New software, new employees, office moves, or new service offerings should all trigger a review.
Element 8 of 9 — Incident response
Does your firm have a written incident response plan?
This plan should outline what to do if there's a data breach — who to contact, how to contain it, and how to notify affected clients.
Element 9 of 9 — Reporting
Does your designated security person deliver a written report to leadership at least once per year?
This report should cover security status, compliance gaps, risk assessments, and upcoming security initiatives.
Get your full compliance roadmap
Enter your email and we'll send a personalized report with specific steps to close your gaps — or book a free 15-minute call to walk through it together.
— or —
Schedule a free 15-min call
Thank you!
We'll send your personalized compliance roadmap shortly.
In the meantime, feel free to schedule a call if you'd like to talk through your results.