FTC Safeguards Readiness Assessment

What This Assessment Checks

The assessment focuses on practical safeguard areas that commonly create risk, documentation gaps, or follow-up questions.

Answer 7 Quick Questions

After you submit the assessment, you’ll see a preliminary result on screen and receive a detailed readiness summary by email.

Please enable JavaScript in your browser to complete this form.

Do you have a specific person responsible for information security? *

• Yes
• Partial
• No / Unsure

Why this matters:

If no one clearly owns information security, important safeguards can be missed or handled inconsistently. Security often becomes reactive instead of managed.

Suggested Next Step:

Identify who is responsible for overseeing security practices, coordinating vendors, and tracking safeguard improvements.

Have you completed a written risk assessment? *

• Yes
• Partial
• No / Unsure

Why this matters:

Without a written risk assessment, it can be difficult to know what customer information exists, where it lives, who can access it, and what protections are needed.

Suggested Next Step:

Document key systems, sensitive information, access points, likely threats, and the safeguards currently in place.

Is MFA enabled for email, admin accounts, remote access, and key business systems? *

• Yes
• Partial
• No / Unsure

Why this matters:

If MFA is not enabled or access is not controlled, a compromised password may be enough for someone to access email, files, business systems, or customer information.

Suggested Next Step:

Review key accounts, confirm who has access, and enable MFA where appropriate, especially for email, admin accounts, remote access, and critical business systems.

Are backups automatic, monitored, protected, and tested? *

• Yes
• Partial
• No / Unsure

Why this matters:

If backups are missing, untested, or vulnerable to ransomware, your business may have limited ability to recover from data loss, system failure, or a cyber incident.

Suggested Next Step:

Confirm what is backed up, how often backups run, who monitors them, whether they are protected, and whether restore testing has been performed.

Do you review vendor or third-party access to your systems and customer information? *

• Yes
• Partial
• No / Unsure

Why this matters:

If vendor access is not reviewed, outside parties may have more access than they need, or former vendors may still be able to access systems or customer information.

Suggested Next Step:

Create a list of vendors with access, confirm what each vendor can access, and remove access that is no longer needed.

Do you have a written incident response plan?

• Yes
• Partial
• No / Unsure

Why this matters:

Without a written incident response plan, the business may lose valuable time during ransomware, email compromise, data exposure, stolen devices, or unauthorized access.

Suggested Next Step:

Document who should be contacted, what systems should be checked, how decisions are made, and when outside help should be involved.

Can you prove what safeguards are in place with documentation?

• Yes
• Partial
• No / Unsure

Name help completed

Why this matters:

If safeguards are not documented, it may be hard to respond to insurance reviews, vendor requests, internal questions, legal concerns, or compliance-related inquiries.

Suggested Next Step:

Begin organizing documentation for access controls, MFA, backups, vendor access, security policies, incident response, and technical safeguards.

Where should we send your readiness report?

We’ll email your detailed readiness summary after you submit the form.

Name *

Business Email Address *

Phone Number

Company Name *

Would you like help understanding your results?

• Yes, I’d like Triple H Solutions to help me review my results.

Send My Readiness Report