FTC Safeguards Rule (GLBA)
Meets all procedural and administrative requirements of the FTC Safeguards Rule (and GLBA). The FTC Safeguards Rule requires dealers to adopt tools to meet GLBA-specific vendor management requirements, complete internal risk assessments, enroll their employees in security awareness training, and more.
Compliance is Complicated.
We Make It Easy.
From an intuitive user interface to seamless integration, our software provides everything you need to optimize your workflow and achieve exceptional results.
Gain peace of mind and stop worrying with ComplyAuto’s comprehensive GLBA & FTC Safeguards Rule Compliance Package.
FTC Safeguards & GLBA Compliant
Maintain compliance with the revised FTC Safeguards Rule (and GLBA).
Automate Processes
Reduce manual tasks and the risk of error with effective automation.
The Only Fully Compliant Solution
Let our experts do the hard work for you and ensure compliance across your business.
FTC Breakdown
Safeguards Rule Requirements
Written Policies
∙ Information Security Program (ISP)
∙ Incident Response Plan (IRP)
∙ Data Retention Plan (DRP)
∙ IT Change Management Procedures
How to Comply?
Implement an updated written Information Security Program (ISP), Incident Response Plan (IRP), and Data Retention Policy (DRP).
ComplyAuto gets this up and running in minutes with our automated ISP, IRP, and DRP builder.
Annual Written Risk Assessment
∙ Identify any information security risks
∙ Document mitigation efforts
∙ Update the four policies based on the results
How to Comply?
Perform periodic written risk assessments that document risks, evaluation methods, and mitigation.
ComplyAuto has guided electronic risk assessments tailored to dealerships that make performing these assessments and mitigating the risks an easy DIY task.
Annual Employee Security Awareness Training
Training on security awareness, and security program policies, procedures, and safeguards
How to Comply?
Perform “security awareness” training for all employees.
ComplyAuto allows you to easily enroll employees in a dealer-centric security awareness course. You can even export our course to your existing HR or training platform.
Phishing & Social Engineering Simulations
Tests based on social engineering and phishing scams for penetration testing
How to Comply?
Perform annual penetration tests, which the FTC cites as including social engineering and phishing simulation campaigns.
ComplyAuto offers these tests as a completely managed service.
GLBA Service Provider Contracts
Service providers who access NPI must sign a contract promising to implement reasonable safeguards
How to Comply?
Require service providers by contract to implement physical and technical safeguards for NPI.
ComplyAuto has a built-in vendor management platform that allows you to send and track required contracts.
Annual Service Provider Risk Assessments
Periodic security questionnaires for service providers to ensure safeguards continue
How to Comply?
Periodically assess service providers for their adequacy of physical and technical safeguards.
ComplyAuto has a built-in vendor management platform that allows you to send and track vendor risk assessment questionnaires.
Annual Penetration Testing
Perform annual internal penetration testing (simulated hacking) of your networks
How to Comply?
Perform annual penetration tests.
ComplyAuto’s on-demand penetration test uses the MITRE ATT&CK framework to protect your data. ComplyAuto is also the ONLY dealer compliance platform with a true integrated penetration test at no additional charge (value of $20,000/year).
Biannual Vulnerability Scans
Perform biannual vulnerability assessments for known exploits
How to Comply?
Perform biannual vulnerability tests.
ComplyAuto runs automated network vulnerability scans for your dealerships and provides you with regular reports of any identified vulnerabilities. ComplyAuto is also a SecureSuite member of the Center for Internet Security (CIS) and provides a powerful security vulnerability assessment and scanning tool to your dealership at no additional charge (value of $11,000/year).
Device, Data & Systems Inventory
Data and systems inventory identifying owned data and tracking where data is collected, stored, or transmitted (systems and vendors)
How to Comply?
Identify and track how your data is collected, stored, and transmitted.
With automated data mapping & inventories, and over 5,000 dealer-specific vendors in our library, ComplyAuto is the only software that handles all data and systems inventory for you.
Annual Report to Board of Directors
Submit a written report to senior executives summarizing efforts to comply with the Safeguards Rule
How to Comply?
Submit a periodic written report to the dealership’s board of directors or senior officer on compliance with these new requirements and overall status and results of the Information Security Program (ISP).
ComplyAuto generates this report for your dealership automatically with the click of a button.

GLBA-Specific
Vendor Management
With over 5,000 dealer-specific vendors in our library, we are the only software that handles it all for you. Save time and automate your processes.
Penetration Testing & Vulnerability Assessments
Don’t overpay an IT company to do what ComplyAuto can and the competition can’t. We’re the only dealer compliance platform to perform true integrated penetration tests.


Critical Compliance & Cybersecurity Software
Threats to your business are at an all-time high; the Safeguards Rule requires you to manage many aspects that can be overwhelming.
ComplyAuto handles it all for you.
Automation That Works for You
Easily meet FTC requirements with features that streamline your operations, including automated executive reporting requirements and easy-to-use builders.

Privacy Brochure
Learn how ComplyAuto can provide the #1 most widely used software for dealership consumer privacy and data security compliance.
Ready to get started?
Don’t wait any longer. Take action today and request a free demo to speak with an expert about our latest innovations.
Company Footprint
#1
Recommended Compliance Solution
10,000+
Active Dealers Nationwide
42/50
State Dealer Association Endorsements
200+
Years of Combined Automotive and Legal Experience
