Todyl and Compliance: Federal Trade Commission's (FTC) Safeguards Rule

Zach DeMeyer
March 14, 2024

Compliance and security often get lumped into the same conversation, and as such, so do compliance and the Todyl Security Platform. In this blog, we’ll discuss how Todyl’s capabilities support adherence to the security portion of the FTC Standards for Safeguarding Customer Information, otherwise known as the FTC Safeguards Rule.

What is the FTC Safeguards Rule?

The Safeguards Rule (Title 16, Chapter 1, Subchapter C, § 314) covers how financial institutions subject to FTC jurisdiction but not any other parts of section 505 of the Gramm-Leach-Bliley Act. Specifically, it requires that financial institutions develop, implement, and maintain an information security program with explicit safeguards to protect customer information. These include multiple versions of administrative, technical, and physical safeguards.

Here’s a brief rundown of some of the requirements:

  • A qualified individual responsible for overseeing and implementing the program
  • An initial risk assessment
  • Safeguards to address risks found in the assessment
  • Continuous audits
  • Policies and procedures for personnel to follow
  • Service provider oversight
  • Ongoing improvements
  • A written incident response plan
  • Routine reporting

On the surface, these seem like standard requirements for a strong security posture, which they are. Most important for regulations like the Safeguards Rule is to both continuous adherence and documentation of these rules and processes. And, of course, having the technology and expertise in place to properly address risks and defend against threats.

How Todyl helps with the FTC Safeguards Rule

Looking at the requirements of the FTC Safeguards Rule, there are several standout areas where you can use Todyl to help you achieve them.

Addressing risk

Using the Todyl Security Platform, you have many security controls at your disposal that are key to developing an FTC Safeguards-compliant program. By combining modules like SASE, SIEM, and Endpoint Security (EDR/NGAV), you can establish access controls by the principle of least privilege, establishing role-based and other conditional access controls to prevent unauthorized access to customer information. You can also create device and network policies to enforce features like encryption and multi-factor authentication (MFA) as required by the Safeguards Rule. These are enforced through the single, lightweight Todyl agent.

Monitoring, auditing, and reporting

A major aspect of all compliance regulations is the ability to continually gain insights into your environment, identify opportunities to improve, and report your findings back to stakeholders. FTC Safeguards Rule is no different, but thankfully, Todyl can help.

Our SIEM module integrates both natively across our SASE and Endpoint products, but also with dozens of today’s top apps, collaboration suites, and identity providers. With all this event log information in one place, you can use SIEM to quickly drill into issues, both to address potential and ongoing threats, but also to spot potential risks or vulnerabilities. And you can also use SIEM to easily extract information and present it in reports that both internal stakeholders and regulatory auditors can pull value from.

Processes: Incident response and more

Although not a primary function of the Todyl platform, you can use it to show proof of strong security controls and processes, especially when it comes to showcasing your incident response practices. Todyl’s SOAR offering includes playbooks, step-by-step guides that you and your team use to consistently automate threat response processes. These playbooks and other controls within Todyl can help you show to compliance auditors the controls and processes you’ve put in place to meet the requirements of the FTC Safeguards Rule and others.

MXDR and GRC

Beyond these, major proponents of the Todyl offering that help with the FTC Safeguards Rule is our MXDR andGRC modules.  

MXDR is a 24x7 security operations center (SOC) that operates on your behalf, securing your environment using the Todyl platform and helping establish better procedures, documentation, and ultimately, security posture. Not only does MXDR keep a watchful eye on your environment, even when you’re off the clock, but they routinely meet with you to catch up on potential risks and vulnerabilities and identify room for improvement. All these are critical to showing both effective security controls and their continuous improvement, key aspects of the FTC Safeguards Rule.

GRC gives you a way to track and document your progress toward FTC Safeguards Rule compliance directly through Todyl. Just follow along with the checklist laid out, filling out each section to the best of your ability. GRC not only shows how you apply to selected regulations like FTC Safeguard, but also helps identify other requirements you apply to based on aspects like your location or industry.

Learn more

To get more information on how Todyl applies to the FTC Safeguards Rule and other compliance regulations, book a demo with us today to see the product in action.

Stay up to date

Subscribe to receive the latest insights, news, and updates from Todyl.

Additional reading

Why I Joined Todyl: Spotlight on David Dewey
How Todyl addresses the "Pandemic 11"
Understanding AMSI bypass techniques

Todyl updates

Sign-up to get the latest from Todyl sent straight to your inbox.