Skip to content
"VC3 has made it easier than ever before for our local government to serve our citizens by providing us with modern web tools and a team
of talented and courteous professionals.
City of Valdosta, GA

Find All the Resources You Need

Our resources & insights includes case studies, client testimonials, guides, checklists, blog articles and more!


1 min read

[Video] VC3 Answers Your FTC Safeguards Rule Questions

FTC Safeguards Rule Video Interview

You’ve got questions about the updated FTC Safeguards Rule? We’ve got answers.  

Cole Two Bears, VC3’s Director of Managed Security, recently discussed some of the most frequently asked questions from CPA firms about the updated FTC Safeguards Rule. 

In this 15-minute video, Cole covers:  

  • Each of the new requirements, unpacking them in non-technical terms.  

  • Why CPA firms should worry, even if they were creating information security plans as part of the Rule for years. 

  • Ways to meet the Qualified Individual requirement. 

  • What is most likely to trip up CPA firms. 

This video will give you some actionable tools and next steps to evaluate your CPA firm’s compliance. 


We also encourage you to explore some of our other FTC Safeguards Rule resources: 

Guide to the Updated FTC Safeguards Rule Requirements for CPAs 

In this guide, we go through each of the 9 FTC Safeguards Rule elements and show you what they mean, how to comply, and where you may need help. 

3 Unexpected Ways the Updated FTC Safeguards Rule Will Trip Up CPA Firms 

It’s easy to assume that how you’ve previously complied will continue to work. However, the nine elements in the new Rule contain very specific requirements that, while leaving some wiggle room for how you implement them, must adhere to strict best practices. So, how might your CPA firm trip up on these new requirements? We’re seeing three obstacles that you may not expect. 

Continuous Cybersecurity Monitoring vs Penetration Testing for FTC Safeguards Rule Compliance 

Penetration testing alone leaves you open to many cyber threats that could be thwarted with continuous monitoring, the FTC’s primary recommendation. This is not an area where you want to take a shortcut. A cyberattack can cause reputational damage, lead to lost revenue, and deliver a devastating blow to your productivity. Learn why you’ll want continuous monitoring as your primary method of meeting the FTC’s requirement.

IRS Publication 4557 Guide

We created this guide to specifically outline where VC3 can help you meet a requirement, where both you and VC3 must meet the requirement together (usually a combination of technology and policy), and where you must meet the requirement (usually a non-technical policy that you must implement). 

Let's talk about how VC3 can help you AIM higher.