National Course Portal
Corporate compliance/5 min read/Reviewed May 14, 2026

FTC Safeguards Rule Cybersecurity Training: What Employers Should Document

Covered financial institutions need a written information security program, employee training, and specialized training for people carrying out the program.

Quick answer

The FTC Safeguards Rule requires covered financial institutions to develop, implement, and maintain a written information security program. FTC guidance identifies employee training and specialized training for people responsible for carrying out the program as important elements. The rule is program-based, so employers should document training as part of the institution's risk-based safeguards rather than wait for one universal annual deadline.

Course path

Cybersecurity Awareness Training

The general cybersecurity awareness course is open. Covered institutions still need a written Safeguards Rule information security program.


Compliance Snapshot

  • Covered entities: FTC-jurisdiction financial institutions
  • Program: Written information security program
  • Training: Employee and specialized role-based training
  • Breach notice: Some events reported no later than 30 days after discovery

Who should care about the Safeguards Rule?

The FTC Safeguards Rule applies to certain financial institutions under FTC jurisdiction, a category that can include businesses that do not think of themselves as banks. FTC guidance discusses examples such as motor vehicle dealers that arrange financing.

Covered businesses need a written information security program appropriate to their size, complexity, and activities, and to the sensitivity of their customer information.

What training should be documented?

FTC guidance points to employee training and specialized training for employees, affiliates, or service providers with hands-on responsibility for carrying out the information security program.

Training should connect to real safeguards: phishing, passwords, MFA, access controls, secure data handling, incident reporting, service provider risk, and the organization's internal process.

Where National Course Portal fits

The Cybersecurity Awareness Training course can provide a documented baseline for all employees who need general cyber-risk awareness.

Covered institutions should supplement it with their written information security program, role-based procedures, incident response workflow, access control policies, and Qualified Individual oversight.

Employer Checklist

  1. Confirm whether the business is a covered financial institution.
  2. Maintain a written information security program.
  3. Train employees on practical cyber-risk behaviors.
  4. Provide specialized training to people carrying out the program.
  5. Document completion dates and training topics.
  6. Pair training with incident response and breach notification workflows.

FAQ

Does the FTC Safeguards Rule require cybersecurity training?

FTC guidance identifies employee training and specialized training for people responsible for carrying out the information security program as important safeguards.

Is there an annual Safeguards Rule training deadline?

The rule is program-based rather than tied to one universal annual training date. Many businesses use annual refreshers to document ongoing safeguards.

Is general cybersecurity awareness enough?

General awareness helps, but covered institutions also need a written information security program and role-specific safeguards.

Official Sources

  • Federal Trade Commission: Safeguards Rule guide
  • Federal Trade Commission: Automobile dealers and the Safeguards Rule FAQ

This guide is general information for employer planning. It is not legal advice, and employers should confirm requirements with counsel, the regulator, or the requesting agency before relying on any course for a specific obligation.

Deadline

No single annual training date; training should support the written information security program and role-specific responsibilities.

© 2026 Driver Course Platform LLC d/b/a National Course Portal. All rights reserved.