FTC Safeguards Compliance
In December 2021, the FTC revised the Safeguards Rule, which is a component of the Gramm-Leach-Bliley Act (GLBA). The Rule requires that financial institutions, including dealerships, develop, implement, and maintain a comprehensive written information security program. KPA provides the tools and services to help you stay compliant.
Sales F&I compliance software and services limit your liability from the first contact to deal close.
KPA helps dealerships develop, implement, and maintain a comprehensive information security program.
KPA provides a sample Designation of Qualified Individual Form.
Additionally, during an on-site Safeguards review, your KPA Consultant will confirm the qualified individual is in place.
Your KPA Consultant will validate you have completed a yearly risk assessment and verify there is a written assessment.
They will also provide a written report detailing the handling of physical customer data with recommendations for implementing new controls.
KPA provides a sample written Information Security Program template.
During an on-site Safeguards review, your KPA Consultant will inquire whether you have put proper information safeguards in place that address and/or control the risks identified in the assessment.
KPA partners with Helion Technologies, SDP Compliance, and Infosec Institute to provide IT monitoring, Phishing Simulation and other cyber security services to help you comply with the Safeguards Rule requirements.
KPA will also verify you have put in place a continuous monitoring solution or have conducted penetration and vulnerability tests.
KPA provides online General Security Awareness training.
During an on-site Safeguards review, your KPA Consultant will validate you have provided regular training programs and that security personnel are keeping up to date with security trends and program risk needs.
Incident Response Plan
KPA provides templates for both an Incident Response Plan and a Breach Notification Form.
During an on-site Safeguards review, your KPA Consultant will verify that an incident response plan is in place. They will also confirm a walkthrough of the plan is conducted annually.
Service Provider Oversight
KPA provides a Sample Service Provider Risk Assessment and a Sample Service Provider GLBA Addendum.
During your on-site Safeguards review, your KPA Consultant will inquire whether the correct service provider addendum is in place and covers all providers.
Your KPA Consultant will verify regular reports are being produced by the qualified individual.
Your consultant will also ensure both Safeguard assessments and KPA’s on-site physical Safeguard security reports are incorporated into the dealer’s risk assessment remediation plans.