On Tuesday, November 15th, the FTC postponed enforcement of some of the requirements of the revised Safeguards Rule. This change allows affected entities some breathing room, offering an six additional months (6/9/23) for implementation. To ensure you are not scrambling last minute, we’ll offer monthly updates on how you can start moving towards compliance.
Let’s start with Requirement 1:
A Designated, Qualified Person to Oversee the Company Information Security Program
The Qualified Individual can be an employee of your company or can work for an affiliate or service provider. The person doesn’t need a particular degree or title, but needs to understand your organization. The Qualified Individual selected by a small business may have a background different from someone running a large corporation’s complex system. If your company brings in a service provider to implement and supervise your program, the buck still stops with you. It’s your company’s responsibility to designate a senior employee to supervise that person. If the Qualified Individual works for an affiliate or service provider, that affiliate or service provider also must maintain an information security program that protects your business.
BMT has the expertise to ensure your program is compliant. Want to learn more?
Schedule a Safeguards Compliance Assessment Today