Based on our understanding of the Safeguards Rule set forth by the FTC, any policies and procedures required can be handled at the network level, rather than in the individual applications, such as Beyond, that are used when accessing consumer data.
Our SOC demonstrates that we have more than sufficient security standards in place. Also, if the agency has dual-factor authentication for a workstation log-in before the employee gets to our software, that would be compliant. Their security program needs to have a vendor management section to it, so that would be where they ask for our SOC to prove they have assessed our security.
If you are interested in using Multi-Factor Authentication at the application level, Beyond supports it. Agencies will need to set each user up with an email address in the User Setup section before enabling the feature.
What is the Safeguards Rule?
The Gramm-Leach-Bliley Act (GLBA) requires that covered financial institutions, including debt collectors, protect the security of their customers' financial information. In 2021, the Federal Trade Commission made the first major changes to these requirements in almost 20 years and gave companies one year to comply with the Standards for Safeguarding Customer Information—the Safeguards Rule.
The rule requires financial institutions to develop, implement, and maintain a comprehensive information security program by Dec. 9, 2022.
Read the text of the amended rule as well as articles breaking down compliance with the rule, review the comprehensive ACA SearchPoint document on the Safeguards Rule, listen to related recordings of ACA’s members-only ACA Huddle, and more.
Please reach out if you have further questions regarding the Safeguards Rule, and sign up for the Product Lab if you would like us to set up a roundtable discussion on this topic.
The DAKCS Team