iTGC Safeguards

Lead with Oversight. Operate with Confidence.

The FTC Safeguards Rule now applies to a wide range of small businesses and not-for-profits—many of which lack the internal resources to interpret, implement, and oversee compliance requirements on their own.

iTech Governance Consulting (iTGC) helps you meet those expectations through a focused, six-month engagement that delivers everything needed to stand up a sustainable, regulator-ready information security program.

We don’t sell tools. We help you govern them.

Avoid Regulatory Penalties
Build a compliant Information Security Program that meets GLBA and FTC requirements without overburdening your team.

Prove Due Diligence
Establish defensible policies and oversight structures that show you're serious about protecting sensitive data.

Reduce Risk Exposure
Implement controls like access management, encryption, and incident response planning tailored to your actual operations.

Align Security to Business Goals
Make smart, right-sized decisions that support growth without unnecessary complexity or cost.

1. Executive Insight, Not Checklist Audits
We go beyond technical compliance to help you make informed decisions about your IT and cybersecurity programs, with guidance grounded in real-world experience.

2. Independent and Unbiased
We’re not here to sell you software, hardware, or a managed services contract. Our only goal is to help you succeed—on your terms.

3. Built for Small Organizations
Our approach is practical, resource-aware, and designed specifically for small businesses, nonprofits, and professional services firms navigating modern compliance obligations.

You'll receive:

• A complete, FTC-aligned Information Security Program
   
• Risk assessments, policies, and safeguard implementation guidance
   
• Incident response planning and tabletop exercise templates
   
• Oversight of internal IT or your MSP to ensure alignment
   
• Strategic roadmap for long-term sustainment
   
• Optional transition into ongoing program ownership with iTGC
   
• All documentation and templates necessary to demonstrate compliance
   

90 Hours Total | 15 Hours per Month

Month 1: Program Ownership Support & Risk Discovery
The FTC requires that each organization designate a “Qualified Individual” to oversee its Information Security Program. For many small businesses, this is one of the hardest roles to fill. In Month 1, we help you understand this requirement, document your current posture, and conduct a formal risk assessment. iTGC serves as your interim advisor during the engagement, and you’ll decide at the end whether to transition ownership internally or continue with our support.

Month 2: Strategy & Risk-Based Safeguards
Finalize the risk assessment and develop a prioritized strategy to address identified risks. Begin mapping safeguard controls to risk findings, aligned with FTC Rule requirements.

Month 3: Policy Development & Internal Controls
Develop FTC-aligned policies and procedures, including access controls, encryption, multi-factor authentication, acceptable use, and secure data disposal. Define internal monitoring practices.

Month 4: Third-Party Oversight & Safeguard Testing
Review vendor agreements and establish oversight procedures for your MSP and other service providers. Identify key control points and implement periodic testing methods to validate safeguard effectiveness.

Month 5: Incident Response Planning
Develop a written Incident Response Plan with roles, notification protocols, and recovery steps. Conduct a tabletop exercise to test response readiness and ensure all stakeholders know their part.

Month 6: Training, Reporting & Sustainment
Train key personnel on their security roles and responsibilities. Prepare a board-level status report to demonstrate compliance progress. Finalize documentation and deliver a governance toolkit for continued use and future updates.

This engagement is designed to help you build the foundation of a compliant Information Security Program. However, FTC rules require that someone be accountable for maintaining it.

At the conclusion of the six months, you’ll have options:

• Continue with iTGC as your designated oversight partner through our Core Governance Service
   
• Transition oversight internally to a staff member, with training and documentation provided

 We help you launch the program the right way—so you can carry it forward with confidence.

Starting at $3,000/month
Pricing is based on business size and complexity. Includes all templates, documentation, workshops, and advisory support. No hidden fees or upsells.

If you’re unsure how to start or overwhelmed by the FTC Safeguards Rule, you’re not alone.

Let iTGC walk you through the process, align your safeguards with your business goals, and help you take the first step toward meaningful and defensible compliance.