Service

GLBA/FTC Snapshot

You're in financial services. The FTC Safeguards Rule says you need a written security program. We build it: coverage analysis, WISP, risk assessment framework, everything the rule requires.

10 business days
FTC Safeguards Rule aligned
Board-ready documentation
Get Started — $1,990

This is for you if:

  • You're in financial services and need to comply with the Safeguards Rule
  • You don't have a Written Information Security Program (WISP)
  • Your board or investors are asking about GLBA compliance
  • The 2023 Safeguards Rule update caught you off guard

  • 9 requirements covered
  • 2023 rule update aligned
  • FTC compliant
  • 10 days delivery

What you get

01. Coverage Memo

Clear analysis of whether GLBA applies to you, which provisions, and what specifically you need to do.

02. WISP Template

Written Information Security Program customized to your business. Not a generic template—tailored to how you actually operate.

03. Risk Assessment Framework

Methodology for identifying and assessing risks to customer information. Documented and repeatable.

04. Third-Party Oversight Docs

Templates and procedures for managing service providers who access customer data. Required under Safeguards Rule.

05. Incident Response Plan

What to do when something goes wrong. Required by the updated Safeguards Rule since 2023.

06. Board Reporting Template

How to report security status to your board. Required for financial institutions.

The process

8 steps from kickoff to complete GLBA compliance documentation.

  1. Submit intake: Online form
  2. Share docs: Current policies
  3. Coverage analysis: Applicability
  4. Risk assessment: Framework build
  5. WISP draft: Documentation
  6. Vendor oversight: Templates
  7. IRP draft: Incident response
  8. Delivery: Full package

Scope

What's included

Included
  • GLBA coverage analysis memo
  • Complete WISP document
  • Risk assessment framework
  • Service provider oversight templates
  • Incident response plan
Also
  • Board reporting template
  • Annual review checklist
  • Qualified Individual documentation
  • 30-day email support

Important

This engagement provides documentation, policies, and compliance frameworks. Implementation of technical controls, including but not limited to multi-factor authentication and encryption, constitutes separate work outside the scope of this service.

Safeguards Rule requirements

The FTC's Safeguards Rule has specific requirements for financial institutions. Here's what you need to have documented:

  • Designate a qualified individual to oversee the program
  • Conduct risk assessments
  • Implement safeguards to address identified risks
  • Regularly test and monitor effectiveness
  • Train staff on security awareness
  • Oversee service providers
  • Keep the program current
  • Create a written incident response plan
  • Report to the board (or equivalent)

Before vs After

Without documentation

Not sure if GLBA applies to you

Security policies scattered everywhere

No idea what a WISP is

Board asks about compliance, you improvise

Hoping the FTC doesn't notice

With GLBA Snapshot

Clear coverage memo: GLBA applies, here's why

Complete WISP tailored to your business

Risk assessment framework documented

Board reporting template ready to use

FTC-ready documentation

Result

You know where you stand

Your WISP structure

We don't give you a generic template. Your WISP is customized to how your organization actually operates, with specific controls and procedures that match your technology stack and business model.

Each section addresses specific Safeguards Rule requirements, so when regulators or auditors ask, you have documentation ready.

Sample WISP Structure

  1. Program Overview
  2. Designated Coordinator
  3. Risk Assessment
  4. Safeguards
  5. Service Provider Oversight
  6. Evaluation & Adjustment
  7. Incident Response Plan

Customized to your organization's specific operations

Common questions

Does GLBA apply to my company?

If you're "significantly engaged" in financial activities—lending, investing, insuring, advising on finances—GLBA likely applies. This includes mortgage brokers, tax preparers, financial advisors, and many fintech companies.

What changed with the Safeguards Rule update?

The FTC updated the Safeguards Rule in 2023 with more specific requirements: encryption, MFA, penetration testing, and documented incident response. Many companies that thought they were compliant now have gaps.

What if we're small?

If you have fewer than 5,000 customer records, some requirements are simplified. But you still need a WISP, risk assessment, and most of the core protections. We'll tailor the scope to your size.

How often do we need to update this stuff?

Risk assessments should be done at least annually or when significant changes occur. The WISP should be reviewed annually. We set you up with a maintenance schedule.

What happens if we're not compliant?

The FTC can fine you up to $50,000 per violation. More practically, regulators are actively enforcing this now. A documented program is your best defense.

What's a Qualified Individual and do we need one?

The Safeguards Rule requires you to designate someone to oversee your security program. It can be an employee or outsourced. We help you document this role properly.

Get your GLBA documentation in order.

We build your WISP, risk assessment framework, and compliance documentation. 10 days, $1,990, board-ready.
