FTC Safeguards Rule: The Role of an MSP in the Compliance Process
July 3rd, 2025 | 4 min. read

Editor's note: This post was originally published on March 8, 2023 and has been revised for clarity and comprehensiveness.
Complying with the FTC Safeguards Rule has become a non-negotiable responsibility for businesses handling consumer financial data. But staying compliant isn't easy, especially for small to midsize organizations that lack the in-house resources to manage evolving cybersecurity requirements. The rule requires a comprehensive data security program, regular risk assessments, and ongoing monitoring, tasks that can quickly overwhelm internal teams.
Fortunately, you don’t have to do it alone. You can enlist a reliable Managed Service Provider for FTC compliance. They can help you navigate common compliance issues and provide your business with a roadmap to success.
At Intelligent Technical Solutions (ITS), we’ve been helping businesses comply with the new regulations since they were implemented.
In this article, we spoke with Ed Griffin, Chief Information Security Officer (CISO) of ITS, to go over the steps an MSP can take to make sure you achieve FTC compliance on time. But before we go there, here is a refresher on the FTC Safeguards Rule.
What is the FTC Safeguards Rule?
The FTC Safeguards Rule is a regulation that was originally created to help financial institutions safeguard consumers and protect personal information.
In December 2024, the FTC applied changes to strengthen the information security requirements. They included specific criteria for what financial institutions must implement.
In addition, the Safeguards Rule expanded its scope so that more merchants can now qualify as financial institutions. It covers any organizations that:
- Handle big money,
- Extend lines of credit or loans,
- Connect consumers with financial institutions, or
- Are involved with others' ability to access capital.
That’s why auto dealers and motorcycle dealerships are considered financial institutions because they put consumers and a finance agency into matchmaking.
How Can an MSP Help with FTC Safeguards Rule Compliance?
Many companies now need to comply with the FTC Safeguards Rule amendment. But if you are not a financial services institution, FTC Safeguard is also good as an aspirational target.
Either way, you may need some help from an MSP to prepare and proceed with the compliance.
Here are the things that your MSP can do:
1. An MSP Can Help Determine if You Are Subject to the New Safeguards Rule
Since it is quite new to some, an MSP can help identify if your business is within the scope of the FTC Safeguards Rule and explain why you need to comply.
“There’s a lot we can do but the first and most important thing is just identifying. Are they in scope, and if they’re in scope, what are their gaps? If the client doesn’t understand that, there’s no way that the rest of the process will make sense to them,” Griffin says.
2. An MSP Can Help Identify the Gaps in Your Network
If your business is in the scope of the Safeguards Rule, the MSP can put a start to a life cycle.
According to Griffin, a life cycle includes a risk assessment of your IT environment, information security, compliance controls, and procedures. The MSP will ensure that the IT elements you’ve deployed are compliant with the Safeguards Rule.
This process is typically done as a project. Some of it is done via auditing, which the MSP would do on their own, provided that the client gives them access.
For some of the information, however, the MSP needs to interview people within the organization, commonly across departments, and anyone handling information covered by the Safeguards Rule. These are usually the following:
- Names of consumers
- Social security numbers,
- Banking information
- Other personally identifiable information (PII)
At the end of the assessment, your MSP would come up with a report that cites where your strength and weaknesses are in terms of compliance.
So, that’s at the front end of the life cycle. For the next major part, if the client engages the MSP to be their IT provider, then they move on to bridging the gaps.
3. An MSP Can Help You Build a Suitable Security and Governance Program
Your MSP can ensure that your systems are leveraging technology to the utmost security and compliance.
“We can establish an ongoing security and compliance program. So, that’s doing regular risk assessments to ensure that the state of the business has not declined—always maintaining or improving—our compliance footprint,” Griffin says.
The MSP can highlight opportunities for improvement and then provide that to the client. Toward the tail-end of the life cycle, your provider could remediate issues they find that might otherwise result in non-compliance. Once the issues are resolved, the MSP will then recommend other changes that you might want to consider to improve your overall business operability, such as:
- Improving your security footprint
- Improving your compliance footprint
- Improving the way technologies are being used
And these are not limited to new capabilities but other ways that could economize your IT expenditures by leveraging technology.
By doing this, you can make things that used to be difficult simpler, allowing your team to focus on more strategic tasks rather than mundane ones. The same goes for the IT side as you try to get automation in and so forth and make security more sustainable.
Ready to be FTC Safeguards Rule Compliant?
Achieving FTC Safeguards Rule compliance can feel overwhelming, especially with new requirements and expanded scope, but you don’t have to figure it out alone. A reliable MSP can guide you through every stage of the process, from identifying your regulatory exposure to implementing long-term security and compliance strategies.
With expert support, your business not only meets federal requirements but also strengthens its cybersecurity posture and operational efficiency. Start now to stay ahead of deadlines, and ahead of cyber threats.
As a Managed Security Service Provider, ITS has been helping our clients navigate the world of compliance smoothly with our ITS Verify solutions. If you need help with meeting FTC Safeguards requirements, schedule a free compliance consultation with one of our experts. Or, you can check out the following resources for more info on the FTC Safeguards Rule:
Mark Sheldon Villanueva has over a decade of experience creating engaging content for companies based in Asia, Australia and North America. He has produced all manner of creative content for small local businesses and large multinational corporations that span a wide variety of industries. Mark also used to work as a content team leader for an award-winning digital marketing agency based in Singapore.
Topics: