FTC Safeguards Compliance
In December 2021, the FTC revised the Safeguards Rule, which is a component of the Gramm-Leach-Bliley Act (GLBA). The Rule requires that financial institutions, including dealerships, develop, implement, and maintain a comprehensive written information security program. KPA provides the tools and services to help you stay compliant.
Sales F&I compliance software and services limit your
liability from the first contact to deal close.
KPA helps dealerships, develop, implement, and maintain a comprehensive information security program.
Qualified Individual
KPA provides a sample Designation of Qualified Individual Form.
Additionally, during an on-site Safeguards review, your KPA Consultant will confirm the qualified individual is in place.
Risk Assessment
Your KPA Consultant will validate you have completed a yearly risk assessment and verify there is a written assessment.
They will also provide a written report detailing the handling of physical customer data with recommendations for implementing new controls.
Information Safeguards
KPA provides a sample written Information Security Program template.
During an on-site Safeguards review, your KPA Consultant will inquire that you have put proper information safeguards in place that address and/or control the risks identified in the assessment.
Safeguards Testing
KPA partners with Helion Technologies, SDP Compliance, and Infosec Institute to provide IT monitoring, Phishing Simulation and other cyber security services to help you comply with the Safeguards Rule requirements.
KPA will also verify you have put in place a continuous monitoring solution or have conducted penetration and vulnerability tests.
Personnel Training
KPA provides online General Security Awareness training.
During an on-site Safeguards review, your KPA Consultant will validate you have provided regular training programs and that security personnel are keeping up to date with security trends and program risk needs.
Incident Response Plan
KPA provides templates for both an Incident Response Plan and a Breach Notification Form.
During on-site Safeguards review, your KPA Consultant will verify that an incident response plan is in place. They will also confirm a walkthrough of the plan is conducted annually.
Service Provider Oversight
KPA provides a Sample Service Provider Risk Assessment and a Sample Service Provider GLBA Addendum.
During your on-site Safeguards review, your KPA Consultant will inquire that the correct service provider addendum is in place and covers all providers.
Annual Reporting
Your KPA Consultant will verify regular reports are being produced by the qualified individual.
Your consultant will also ensure both Safeguard assessments and KPA’s on-site physical Safeguard security reports are incorporated into the dealer’s risk assessment remediation plans.
Take a Test Drive
See how everything works together to make your dealership’s safety and compliance program a success.
Customer Spotlight
Learn how KPA customers are saving time and money, while building a safer workforce.
Having a structured and reputable compliance partner like KPA takes away all the guesswork.
VP Finance Operations, LAcarGUY
Recommended Resources
Here are some resources to help you build a better safety program.
The F&I Forbidden 20
Crossing the line in F&I can do substantial damage to your dealership's reputation. Why take the chance?
The F&I Minute
Let’s take a minute to talk about the F&I issues and advice that’ll save your bottom line and protect your reputation.