Please enable JavaScript in your browser to complete this form.
Is your business a financial institution subject to the Safeguards Rule?
If no, has your business undergone substantial transformation in the past two decades that might change its categorization as a financial institution?
Does your business handle or maintain customer information?
Do you have an information security program in place?
Have you designated a Qualified Individual to implement and supervise your information security program?
Have you implemented safeguards to control the risks identified in your risk assessment?
Have you implemented encryption measures for customer information?
Do you provide security awareness training to your staff?
Do you regularly update and revise your information security program to accommodate changes and emerging threats?
Does your Qualified Individual report regularly to the Board of Directors or a senior officer responsible for the information security program?
Are you familiar with the definitions provided in the Safeguards Rule glossary?
If yes, please specify the type of financial institution your business falls under:
How does your business handle customer information?
If yes, does your information security program include administrative, technical, and physical safeguards?
Have you conducted a risk assessment to identify potential risks and threats to the security, confidentiality, and integrity of customer information?
Do you have access controls in place to determine who has access to customer information?
Do you conduct regular monitoring and testing of the effectiveness of your safeguards?
Do you monitor your service providers to ensure they maintain appropriate safeguards?
Have you created a written incident response plan to address security events?
Scroll to Top