Lafayette, Colo. – September 7, 2022 – Today, KPA and Sensitive Data Protect, LLC (SDP) announced a partnership to provide customers with a comprehensive solution to comply with the Federal Trade Commission’s (FTC) Safeguards Rule information technology (IT) revised requirements as enforcement begins December 9, 2022. Through KPA, SDP will provide dealerships, ranging from automotive to recreational vehicles, with cyber security services and tools to implement and support a cyber security program that addresses the mandated FTC requirements of the Safeguards Rule.
“KPA’s partnership with SDP complements our Sales F&I compliance consulting services and software to give customers a complete solution that will help them meet the upcoming Safeguards Rule IT requirements,” said Scott Schell, Chief Technology Officer. “This partnership demonstrates our commitment to provide dealerships with the software and services that they need to keep people safe, comply with changing regulations, and protect their business.”
A Dealership Solution for Safeguards Rule Compliance That Targets IT and Cyber Security to Prevent Cyber Attacks
Through KPA, SDP Compliance will work with dealerships to assess their IT systems and data privacy practices and identify any cyber security risks and vulnerabilities. Through continuous monitoring of IT networks, initial scans of the Dealer Management System and IP addresses, SDP Compliance will establish a risk profile and a tailored program for dealers to address any vulnerabilities and liability exposures. Additionally, if necessary, SDP will reduce threats with on-site penetration testing and bi-annual vulnerability scans of a dealer’s firewall, servers including email, and all IP addresses.
“SDP is extremely pleased to partner with KPA to establish market leading compliance solutions to address the complex Safeguards Rule information security program (ISP) requirements for all franchise, independent, powersports, and heavy-duty truck dealers,” said Peter Leger, CEO/CO-Founder. “SDP and KPA separate ourselves from the competition by not only rapidly identifying the risk profile of our dealers, but we also assist dealers in providing and implementing the necessary cyber security solutions from beginning to end – one stop shop.”
KPA and SDP Partnership Helps Dealers Meet December Deadline and Cyber Security Testing Requirements
Last year, the FTC revised the Safeguards Rule, a directive from the Gramm-Leach-Bliley Act, requiring financial institutions, including dealerships, to develop, implement, and maintain a comprehensive information security program. The revisions include more details about the required elements of an information security program, like access controls, data inventory and classification, encryption, secure development practices, multi-factor authentication, information disposal procedures, change management, testing, and incident response plans. The partnership between KPA and SDP Compliance provides dealerships with additional compliance tools to help meet all the requirements from audit services, legal documentation, assessing vendor management cyber security risk for shared non-public information, and needed software tools and systems.
KPA provides Safeguards-related program materials, including a written information security program template, qualified individual form, service provider risk assessment, and general awareness training courses. Through a series of questions, KPA’s F&I compliance consultants can help dealers assess their programs by checking on vulnerabilities and the regularity of the required penetration testing. Using SDP Compliance, dealerships can leverage the organization’s expertise in IT and cyber security to ensure that their business is safe from online cyber-attacks and that their employees are trained to safely manage and protect their customers’ personal information.
# # #
About KPA
Stay Compliant. Reduce Liability. KPA makes automotive sales and F&I compliance simple. Our on-site services and online tools help dealerships comply with state and federal regulations, protect the reputations of their brands, minimize legal liability, and maximize customer satisfaction.
About SDP
Managed services provider of cyber security solutions to ensure dealers of any size are fully compliant with the new Safeguards Rule ISP. SDP was created by automotive retail & data compliance management experts to focus on crucial GLBA/FTC Safeguards Rule ISP, State regulatory data privacy requirements, related cyber security risks and compliance challenges facing Dealers, and now being held responsible for their OEMs and Retail Partners who have access to the dealers’ shared non-public information.