Your SEC obligations, the FTC Safeguards Rule, and Texas’s newer requirements have stopped being separate problems — they’re one written program, and the proof it holds up under examination. Briggs IT helps Texas advisory firms understand what’s required and build the documentation that stands when someone asks to see it.
The SEC’s Regulation S-P amendments are now in force for advisory firms of every size — including the smaller-firm deadline that has already passed. That means a written incident response program, customer notification within a set window after a breach of sensitive customer information, and updated safeguards policies aren’t on the horizon. They’re expected of your firm today. Layered on top is the FTC Safeguards Rule, in effect since 2023, with its own breach-notice obligations and a designated person responsible for the security program.
Texas added two more pieces. The Texas Responsible AI Governance Act (TRAIGA) — the state’s AI governance law, effective at the start of 2026 — creates obligations for any firm using AI tools in client communications, portfolio analysis, or marketing. And Texas Senate Bill 2610 (SB 2610) offers the other side of the coin: an affirmative safe harbor against punitive damages for a firm under the employee threshold that has the right program documented at the time of a breach. Taken together, the question isn’t whether these reach your firm. It’s whether you can show, in writing, that you’ve answered them.
A cybersecurity-focused examination tends to ask for the same things: your Written Information Security Program, your risk assessments and incident response plan, evidence that staff completed annual training, your vendor oversight documentation, and proof that multi-factor authentication is actually enforced. A firm that’s ready opens the file and hands it over. A firm that isn’t spends the next several weeks assembling it under pressure — and examiners notice the difference.
Briggs IT can’t rewrite your history — no one can produce records for assessments that never happened. What we can do is start building the record properly from day one, and keep it current, so that the history accumulates as we go. The firm that begins now is the firm that, a year or two from now, simply pulls the file when a request arrives — because the documentation has been growing the whole time, dated and real. The goal is steady, in the background, so the answer is “here it is,” not “give us three weeks.”
The Compliance Readiness Review is a working session built for advisory firms. We walk through where your firm sits against Regulation S-P, the FTC Safeguards Rule, and Texas Senate Bill 2610. Afterward, once we’ve worked through what we found, you get a written gap report — the specific documentation, policies, and controls you’re missing, in plain English. No sales pressure. The report is yours to keep, whether or not you ever hire Briggs IT.