Dealership GLBA
Dealership GLBA tools for the revised FTC Safeguards Rule
BUILT FOR DEALERS. BY DEALERS.
The only true "all-in-one" compliance solution for the revised FTC Safeguards Rule.


Why Choose Us?
Running Through the Numbers
The all-in-one Dealership GLBA Safeguards Rule compliance solution.
Exactly what you need and nothing more.
Achieve Total Compliance in Days
Contains everything you need to ensure your dealership is fully compliant with the GLBA Safeguards Rule. No unnecessary features, complex workflows or headaches. Just the necessary components to get you compliant in no time.
AFFORDABLE.
The NADA estimates that compliance with the revised Safeguards Rule will cost an average dealership $276,925 per year. Penetration testing alone can cost up to $30,000. ComplyAuto offers an "all-in-one" solution with a transparent pricing model that makes our software affordable for dealers of all sizes.
SIMPLE.
You shouldn't have to hire auditors or a full-time employee to administer your Information Security Program (ISP). Our system allows you to achieve total compliance in a matter of days, and with guided risk assessments and automated ISP updates, it makes it incredibly easy to keep it that way.
COMPLIANT.
Unfortunately, the majority of software products are missing critical dealership GLBA compliance components. Our system was built by experts who specialize in dealership law and compliance, and who know the rules, guidelines, and best practices inside and out.
Device & Email Security
The FTC Safeguards Rule requires (1) device encryption, (2) threat monitoring, and (3) employee monitoring and logging for misuse, deletion, and unauthorized disclosure of customer information. ComplyAuto can automate all of that in one affordable platform.
- Automated device-level encryption
- 24/7 threat monitoring and remediation of malware & ransomware
- Email security with automatic detection & removal of phishing
- Next-gen anti-virus
- Managed endpoint detection and response (EDR + MDR / MTR)
- The only dealer-specific scanning tool for NPI violations
- Automatic identification of emailing NPI to unauthorized 3rd parties
- Identification of mass data deletion or transfers
- Much more . . .


Automated Policy Builders
A properly drafted Information Security Program (ISP) is the first step in achieving dealership compliance with the GLBA and applicable state laws. Our ISP builder gets the job done in a matter of minutes and is completely unique to your dealership based on the results of your internal risk assessments.
- Customizable with several popular cybersecurity frameworks
- Automatically updates in real-time based on risk assessment results
- 50-state compliance support
- Incident response, change management & data retention plan builder
- Conforms to FTC guidelines and enforcement actions
- Includes sample data breach notification letter
- Embeds directly into our online employee training
Guided Risk Assessments
The GLBA Safeguards Rule (as well as many state privacy laws) requires you to perform regular risk assessments that test your physical, electronic, technical, and administrative safeguards. We make this easy with online tools that can be accessed via any device and assigned to any employee or service provider. Use our guided electronic risk assessments to document and demonstrate compliance with applicable rules.
- Mobile & tablet friendly
- Conforms to FTC and government guidelines
- Advanced Cybersecurity Frameworks Assessments (CIS Controls v8)
- Dozens of practical dealership tips
- Automated mitigation


Employee Training
Many dealerships are unaware that the GLBA requires businesses to train their employees on the Safeguards Rule and corresponding Information Security Program. Our system allows you to enroll your employees in a short but effective training course that is tailored to dealership operations, and everything is tracked so you can easily demonstrate compliance.
- Online course
- Unlimited enrollments
- Track completion
- SCORM compliant, so you can import it into your existing HR platform
Vendor Management
Ensure each of your applicable vendors complies with the requirement to sign an agreement that conforms to the GLBA Safeguards Rule, and have them complete a risk assessment questionnaire so you have confidence that you're entrusting your data to the right people.
- GLBA Service Provider contract management
- Thousands of dealer-specific vendor templates
- Electronic vendor risk assessment questionnaires
- Automatically send and receive vendor contracts
- Built-in eSign functionality


Phishing Simulation Tests
Not only are internal phishing tests extremely effective at mitigating the risk of ransomware and security incidents, but the FTC has stated that social engineering and phishing simulations are an important part of the Safeguards Rule's annual penetration testing requirement. We offer a fully integrated solution and manage the tests for you at no additional cost.
- Unlimited testing
- Hundreds of templates based on real-life attack vectors
- Dealer-specific phishing campaigns
- Automatic security awareness training for phished employees
- Compare your results to industry averages
- Azure Active Directory integration
Interactive Data Mapping
The Safeguards Rule requires that dealers undertake a comprehensive data and systems inventory. ComplyAuto automatically maps the data you collect across the dealership and allows you to pinpoint exactly who is collecting which categories of personal information and why.
- Automatic data inventories and mapping
- Filterable by vendors, systems, business purposes, and more
- Synced in real-time with your vendor database
- Complies with GLBA data and systems inventory requirements
- Helps conformity with ISO, CIS, and NIST standards


Full Internal Penetration Tests
The GLBA Safeguards Rule now requires annual penetration tests and biannual vulnerability assessments. ComplyAuto uses the most advanced technology to perform these tests in just hours and saves you tens of thousands of dollars in the process. Know your true risk of a ransomware attack or other cybersecurity incident.
- Full internal penetration tests
- Internal and external vulnerability assessments
- Fully automated within 3-8 hours
- Based on real-life attack vectors
- Ransomware emulation tests