Dec 9th was the original FTC Safeguards deadline, and a key deadline for the annual report to management by the Qualified Individual. Over the course of the year from release on Jan 10, 2022, to the original deadline, OCD Tech helped auto dealers of all sizes with the hands-on support they needed to become complaint.
While some of the provisions were extended to June 9, 2023, many dealerships took the steps to become compliant earlier and get their safeguards in place. Here are some real-world stats on what it took for the dealerships to stand up the program:
Top 5 easiest, lowest cost areas:
1. Change Management policies and procedures
2. Establishing an Incident Response Plan
3. Software Development Lifecycle
4. Securely Disposing of Data
5. Security Awareness Training
Top 3 hardest, most expensive areas:
1. Continuous Monitoring or Penetration Testing
2. Designating a Qualified Individual
3. Log Activity of Authorized Users and Detect Unauthorized Access
What’s still outstanding:
Some major Dealer Management System providers and other third-party vendors becoming compliant.
Three takeaways from the end of year report to management:
1. A lack of visibility into enterprise assets
2. Insecure user permissions
3. Many of the requirements are process-based, and not “set-it-and-forget-it.” They require constant evaluation and ongoing monitoring to ensure continued compliance
June will be here faster than you think. Leverage our knowledge and decade of experience working with auto dealers to cost effectively meet these FTC safeguards requirements. Let us be your Qualified Individual.
