The Independent Agency Owner’s FTC Safeguards Cheat Sheet.
Everything an independent insurance agency must do to satisfy the FTC Safeguards Rule — and what it costs if you don’t — on one page. You sell coverage; you didn’t sign up to become a cybersecurity compliance officer. Here’s the whole picture in plain English, so you know the right questions to ask before a breach, a carrier audit, or the FTC decides it for you.
One short form. Instant download. We never ask for your customers’ personal information.
Your cheat sheet is ready.
Download it now — we’ve also emailed you a copy so it’s easy to find later.
⬇ Download the FTC Safeguards Cheat Sheet Book your free security review →
Not sure where your practice stands? The review is a free HIPAA technical security review — a plain-English findings list, no obligation.
One page. The whole picture.
The mandate — why a federal rule already names you
The FTC Safeguards Rule (16 CFR 314, under GLBA) classifies your agency as a financial institution. Because California has not adopted the NAIC insurance-data model law, the FTC Rule is the operative framework here — plus CA Department of Insurance licensing exposure.
The must-do list
A Written Information Security Plan (WISP), a named Qualified Individual, a written risk assessment, encryption and MFA on by default, least-privilege access controls, vendor oversight, workforce training, and an incident-response plan.
The 5,000-consumer trap & the 2026 penalties
Why “consumers” counts cumulatively across your book and history, how a long-running agency crosses 5,000 quietly into the heavier rules, the FTC’s $53,088-per-violation maximum, and the breach + multi-year consent-order reality. Real numbers, with the as-of date.
The “my AMS vendor covers compliance” myth
The questions to ask: “Can I see our written information security plan, and who’s our designated Qualified Individual?” Applied, Vertafore and the rest secure their platform — not your network, laptops, email, or the WISP that ties it together.
General information only — not legal or compliance advice. The free review is a technical assessment of your IT environment, not a determination of your FTC Safeguards compliance.
Written for independent agencies — by people who speak your management system.
Down the road, not across the country.
- Based in Menifee — Craig answers the phone himself.
- Remote-first — on-site across Menifee, Sun City, Murrieta, Temecula, Wildomar, Lake Elsinore when you need it.
- Member, Menifee Valley Chamber of Commerce.
- We build and maintain the WISP and own your technical safeguards.