Compliance Solutions
How IS Decisions supports compliance
with the FTC Safeguards Rule

The U.S. Federal Trade Commission’s Standard for Safeguarding Customer Information (the Safeguards Rule) is a compliance regulation passed in 2003 that expands on requirements in the Gramm Leach Bliley Act (GLBA). Specifically, the Safeguards Rule requires financial institutions to develop, implement, and maintain an information security program. The program design must be reasonably designed to protect customer information from both external and internal threats.

Following widespread data breaches in recent years, the FTC updated the Safeguards Rule in 2021 with stronger security requirements to protect customers’ financial information. Now, the FTC requires multi-factor authentication (MFA) for all individuals with access to networks where customer information is stored.

UserLock and FileAudit by IS Decisions can support your FTC compliance strategy with strong protections against unauthorized network and file access. Both software solutions complement each other to help control system access, identify employees with lightweight, secure MFA, respond quickly to suspicious activity, and better protect customer information.

Meet FTC Safeguards Rule Compliance

§ 314.4 (C)(5) Multi-factor authentication & access management

"Implement multi-factor authentication for any individual accessing any information system, unless your Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls."

Do you apply multi-factor authentication (MFA) on all users with access to the network?
Logo UserLock

Make access controls more robust and enhance effectiveness to verify a user’s identity.

§ 314.4 (C)(7) Change management

Adopt procedures for change management."

Do you restrict network access on a job-role basis?
Logo UserLock

Enables the administrator to set granular access rights to different types of employees to ensure that they can only access the information they need to do their job.

Do you review network access for employees who change roles in the organization?
Logo UserLock

Enables administrators to easily change access rights (permanently or temporarily) for individual users, groups of users, or organisational units.

§ 314.4 (C)(8) Access monitoring & auditing

"Implement policies, procedures, and controls designed to monitor and log the activity of authorized users and detect unauthorized access or use of, or tampering with, customer information by such users."

Can you attribute session duration and actions on the network to individual users?
Logo UserLock

Helps administrators verify all users’ identity at any time, making users accountable for any activity — malicious or otherwise.

Do you monitor access to the network?
Logo UserLock

Monitors all logon and logoff activity in real time to ensure that the only people who can access vital data are the people who need to. UserLock alerts administrators to any suspicious, disruptive or unusual logins based on time, location and device.

Do you monitor specific actions on files or folders, like copying, moving and deleting?
Logo FileAudit

Monitors all files and folders in real time on your network and records all actions that users take when making modifications. It verifies that users have not altered or destroyed information in an unauthorised manner.

Do you conduct regular security audits or reports?

Logo UserLock

Logo FileAudit

  • Records, audits and archives all network logon events, across all session types, from a central system.
  • Audits all access and changes to files and folders, and immediately alerts administrators to suspicious behavior.

Find out more for yourself with our FREE Fully Functional Trials

Download UserLock Download FileAudit