Some FTC Safeguard Provision Deadlines Postponed

December 7, 2022 Posted by Robbie Harriman IT Security

FTC Extends Compliance Deadlines

The Federal Trade Commission (FTC) has postponed the deadline for some Safeguards Rule provisions. The new deadline for specific requirements is now June 9, 2023. The FTC cited supply chain issues and workforce shortages caused by the COVID-19 pandemic as reasons for the extension.

Although businesses now have more time, it is still crucial to continue compliance efforts. The FTC acknowledged that achieving full compliance within a year was unrealistic for many organizations, particularly auto dealers. Since these safeguards require significant work, the extra six months provide a more reasonable timeline—provided companies remain committed to their efforts. However, it’s important to remember that not having these safeguards in place still creates serious security risks.

FTC and Industry Urge Continued Compliance

The FTC continues to encourage affected organizations to make progress toward compliance. In its statement, the agency emphasized that the extension gives financial institutions additional time to ensure their information security programs align with the Safeguards Rule.

Similarly, the National Auto Dealers Association has advised its members to stay focused on meeting the requirements. Although some provisions now have a later deadline, many still require compliance by December 9, 2022.

Deadlines: What Has Changed and What Hasn’t

Extended Deadline: Now Due June 9, 2023

The following provisions have been granted an extension:

  • 314.4 (a): Designate a Qualified Individual
  • 314.4 (b)(1): Perform a Risk Assessment
  • 314.4 (c)(1): Address Risks Identified in the Risk Assessment
  • 314.4 (c)(3): Encrypt Data at Rest and in Transit
  • 314.4 (c)(5): Implement Multi-Factor Authentication
  • 314.4 (e): Conduct Security Awareness Training
  • 314.4 (f): Oversee Service Providers
  • 314.4 (h): Establish an Incident Response Plan

Unchanged Deadline: Still Due December 9, 2022

Other critical provisions must still be met by December 9, 2022. These include:

  • 314.4 (c)(2): Identify and Manage Data, Personnel, Devices, Systems, and Facilities
  • 314.4 (c)(4): Implement a Secure Software Development Life Cycle
  • 314.4 (c)(6): Securely Dispose of Data
  • 314.4 (c)(7): Implement a Change Management Process
  • 314.4 (c)(8): Monitor and Log User Activity, Detect Unauthorized Access
  • 314.4 (d)(1): Test and Monitor Security Controls
  • 314.4 (d)(2): Use Continuous Monitoring or Penetration Testing
  • 314.4 (g): Update Information Security Programs Based on Monitoring Results
  • 314.4 (i): Submit a Written Report by a Qualified Individual (though assigning a Qualified Individual is delayed, the reporting requirement remains unchanged)

Next Steps for Businesses Affected by the Postponed FTC Safeguard Provisions

We strongly encourage businesses to remain focused on compliance, prioritizing the provisions that are still due in December. Even with the extension, organizations should not delay their efforts.

Our team is available to assist in prioritizing tasks and ensuring smooth implementation. If you have any questions or concerns, feel free to reach out.

Authoritative FTC Sources

For more details on the deadline extension, visit these official FTC resources:

  • FTC Business Blog Post
  • Federal Register Notice
  • Concurring Statement of Commissioner Christine S. Wilson


About Robbie Harriman

Robbie is the Senior IT Audit Manager at OCD Tech. Robbie joined the firm in May of 2016. Prior to working at O’Connor & Drew, P.C., Robbie worked in IT for other companies, including the heavily regulated casino industry. He currently travels locally and internationally working on some of OCD’s largest financial services companies. He has a diverse range of experience in the IT field, with a deep background in IT systems administration and control areas.
