Dealership GLBA tools for the revised FTC Safeguards Rule

BUILT FOR DEALERS. BY DEALERS.

The only true "all-in-one" compliance solution for the revised FTC Safeguards Rule.

Why Choose Us?

The all-in-one Dealership GLBA Safeguards Rule compliance solution.

Exactly what you need and nothing more.

Achieve Total Compliance in Days

Contains everything you need to ensure your dealership is fully compliant with the GLBA Safeguards Rule. No unnecessary features, complex workflows or headaches. Just the necessary components to get you compliant in no time.

AFFORDABLE.

The NADA estimates that compliance with the revised Safeguards Rule will cost an average dealership $276,925 per year. Penetration testing alone can cost up to $30,000. ComplyAuto offers an "all-in-one" solution with a transparent pricing model that makes our software affordable for dealers of all sizes.

SIMPLE.

You shouldn't have to hire auditors or a full-time employee to administer your Information Security Program (ISP). Our system allows you to achieve total compliance in a matter of days, and with guided risk assessments and automated ISP updates, it makes it incredibly easy to keep it that way.

COMPLIANT.

Unfortunately, the majority of software products are missing critical dealership GLBA compliance components. Our system was built by experts who specialize in dealership law and compliance, and who know the rules, guidelines, and best practices inside and out.

Device & Email Security

The FTC Safeguards Rule requires (1) device encryption, (2) threat monitoring, and (3) employee monitoring and logging for misuse, deletion, and unauthorized disclosure of customer information. ComplyAuto can automate all of that in one affordable platform.

Automated Policy Builders

A properly drafted Information Security Program (ISP) is the first step in achieving dealership compliance with the GLBA and applicable state laws. Our ISP builder gets the job done in a matter of minutes and is completely unique to your dealership based on the results of your internal risk assessments.

Guided Risk Assessments

The GLBA Safeguards Rule (as well as many state privacy laws) requires you to perform regular risk assessments that test your physical, electronic, technical, and administrative safeguards. We make this easy with online tools that can be accessed via any device and assigned to any employee or service provider. Use our guided electronic risk assessments to document and demonstrate compliance with applicable rules.

Employee Training

Many dealerships are unaware that the GLBA requires businesses to train their employees on the Safeguards Rule and corresponding Information Security Program. Our system allows you to enroll your employees in a short but effective training course that is tailored to dealership operations, and everything is tracked so you can easily demonstrate compliance.

Vendor Management

Ensure each of your applicable vendors complies with the requirement to sign an agreement that conforms to the GLBA Safeguards Rule, and have them complete a risk assessment questionnaire so you have confidence that you're entrusting your data to the right people.

Phishing Simulation Tests

Not only are internal phishing tests extremely effective at mitigating the risk of ransomware and security incidents, but the FTC has stated that social engineering and phishing simulations are an important part of the Safeguards Rule's annual penetration testing requirement. We offer a fully integrated solution and manage the tests for you at no additional cost.

Interactive Data Mapping

The Safeguards Rule requires that dealers undertake a comprehensive data and systems inventory. ComplyAuto automatically maps the data you collect across the dealership and allows you to pinpoint exactly who is collecting which categories of personal information and why.

Full Internal Penetration Tests

The GLBA Safeguards Rule now requires annual penetration tests and biannual vulnerability assessments. ComplyAuto uses the most advanced technology to perform these tests in just hours and saves you tens of thousands of dollars in the process. Know your true risk of a ransomware attack or other cybersecurity incident.

Don't wait for trouble. Get compliant now.

Mock OSHA Assessment

FEATURES:

  • On-demand eight-hour assessment that imitates a real OSHA audit.
  • Conducted by an EHS Pro with OSHA-10 or OSHA-30 certification and 5+ years of experience. 
  • Simulated employee interviews
  • Issue tracking and task management
  • Detailed assessment reports after the assessment with images, videos, and recommended steps for remediation.

Privacy & Cyber Compliance Suite

FEATURES:

  • Custom legal policies with real-time updates, including the Information Security Program (ISP)
  • Customized Incident Response Plan (IRP)
  • Internal risk assessment tools and hands-on guidance
  • Biannual penetration testing (2)
  • Biannual vulnerability scans (2)
  • Employee security awareness training and completion tracking
  • Extensive vendor management library – hundreds of vendor-completed GLBA contracts & risk assessments
  • Device & systems inventory automation and mapping tools
  • Unlimited industry-specific internal phishing simulations to train staff
  • Complete 50-state privacy compliance required by your state (CA, CO, CT, DE, IA, IN, MT, OR, TN, TX, UT, VA)
  • Website cookie consent banners and unique consumer privacy request portals
  • Annual report to the Board of Directors generated every year
  • Compliance Guarantee

CPR/AED Certification

FEATURES:

  • Instruction provided by Certified American Red Cross Instructors.
  • Practical, hands-on training sessions to practice CPR and AED techniques
  • Proper automated external defibrillator (AED) instruction and operation
  • American Red Cross exam and certification
  • Access to study materials, manuals, and resources for continued education and reference.
  • Available for organizations and groups, allowing for tailored training sessions.

HR Fundamentals

FEATURES:

  • Customized policy builder with real-time updates
  • E-sign functionality for required employee policies
  • Online HR training with employee completion tracking
  • State-specific policies and training
  • Employee management tool
  • Training and policies include Workplace Violence, Active Shooter, IT and Electronic Device Use, Biometric Data Privacy, Sexual Harassment, and more
  • HR Fundamentals access is included with any other ComplyAuto product

Encrypted Messaging

FEATURES:

  • Encrypt SMS text and email messaging among staff, clients, and customers when sending and receiving files
  • Track usage and detect violations in real-time
  • Advanced security features include auto-deletion of files, Multi-Factor Authentication protection, IP safelisting, and domain blocklisting
  • Supports compliance with various state and federal regulations and recognized industry standards: GLBA, HIPAA, SOC 2, ISO 27001, NIST, CIS Controls, SEC

Safety Compliance Suite

FEATURES:

  • Concierge on-site onboarding
  • On-demand safety walkthroughs conducted by experienced EHS Pros at various intervals – once, twice, or four times per year
  • Comprehensive Online Training Library and employee progress tracking
  • Automated 50-State Legal Injury & Illness Reporting
  • Policy Builders with Automatic Updates
  • Simplified SDS Creation and Management
  • Guided risk mitigation
  • Signage builder & tracking
  • Efficient equipment inspections with QR Codes
  • Tier 1 Spill Prevention Control and Countermeasure Plan
  • Automated Tier 2 environmental reporting for all 50 states
  • Unlimited one-on-one support from our dedicated team
  • Workplace Violence and Active Shooter Policy and Training

EduTech Course 3

Program to Fulfill AG Disciplinary Order - $299/student

The California AG routinely penalizes facilities that violate these laws and requires them to perform specific remedies while on probation. One of these remedies requires the ARD to take a course that outlines the laws and regulations of the Automotive Repair Act. This program fulfills the requirement.

FEATURES:

  • Comprehensive online course about the Automotive Repair Act
  • Access to training materials anytime (24/7/365)
  • Comprehensive companion manual to the training material
  • Quizzes and final exam to track engagement and learning ability
  • Certificate generated upon completion

EduTech Course 2

Program to Fulfill BAR Remedial Training - $299/student

As part of their authority to levy fines and corrective actions against repair facilities, the Bureau of Automotive Repair may direct them to take a remedial training program. This program is intended for facilities who have already been identified by the BAR as needing corrective action and have committed to taking a remedial training course in lieu of specific penalties. The California Attorney General (AG) has required violating automotive repair dealers to take a course that instructs students on the laws and regulations of the Automotive Repair Act as part of the disciplinary order.

FEATURES:

  • Comprehensive online course about the Automotive Repair Act
  • Access to training materials anytime (24/7/365)
  • Comprehensive companion manual to the training material
  • Quizzes and final exam to track engagement and learning ability
  • Certificate generated upon completion
  • Automated notification to the Bureau of Automotive Repair

EduTech Course 1

Automotive Repair Act Certification Training - $49/month per rooftop

Provide advisors and technicians with the knowledge and tools necessary to comply with California laws and regulations and be viewed favorably by the Bureau of Automotive Repair.

FEATURES:

  • Comprehensive online course about the Automotive Repair Act
  • Access to training materials anytime (24/7/365)
  • Comprehensive companion manual to the training material
  • Quizzes and final exam to track engagement and learning ability
  • Certificate generated upon completion

F&I Compliance Suite

  • Precise Deal Jacket Audits to identify and address real-world F&I compliance issues accurately.
  • Focused Compliance on specific F&I compliance concerns such as Fair Lending Compliance Solutions, California Litigation, Vehicle Safety Recalls, Used Vehicle History, FTC Buyers Guide & Federal Warranty Disclosures
  • Automated EZ Cash Reporting & Anti-Money Laundering with IRS Reporting
  • Spot Delivery & Unwind Management
  • Real-Time Issue Identification: quickly detect compliance gaps and issues, enabling swift corrective action and risk mitigation.
  • Online F&I Compliance Training
  • Compliance Guarantee

Device & Email Security

FEATURES:

The combined features create a dynamic defense system that adapts to evolving cybersecurity threats and secures the organization's digital ecosystem.

  • Continuous threat detection and response powered by Coro:
    • EDR (Endpoint Detection and Response)
    • MDR (Managed Detection and Response)
    • 24/7 Security Operations Center team
    • Swift response and alert to potential security breaches
  • Enhanced authentication and access control via Multi-factor Authentication (MFA) powered by Duo Security™
  • Advanced email security to shield e-threats such as phishing, malware, spam, and scams – integrates with Google Workspace & Microsoft Office 365.
  • Data governance and Data Loss Prevention (DLP) detect and manage employee data-sharing practices.
  • Device-level encryption for Windows and macOS
  • Public & unencrypted wifi blocking
  • Next-gen antivirus
  • Automated password policy and session locking enforcement