This checklist is intended to help you quickly gauge which Safeguards you have, and which you might need. The list below represents the technical and administrative requirements of the revised Safeguards Rule. Click here to view our physical Safeguards checklist.

Dealership Safeguards Requirement Checklist:

Click the button below to download a copy of this checklist.

This checklist is intended to help you perform quick audits of your Physical Safeguards. It is not a comprehensive Risk Assessment and does not address the Technical and Administrative Safeguards that should also be in place as a part of your dealership’s Safeguards Program. A full Risk Assessment should be conducted at least annually. This checklist can be used to address and review the Physical Safeguards at your dealership. Some questions may not be applicable if your business uses electronic rather than paper records.

Dealership Physical Safeguards Checklist:

To download this checklist click the button below.

What F&I agents need to know about the Safeguards Rule in 2023.

A Dealer's Greatest Cost Risk is a Data Breach (Not FTC Fines)

$228,125

Average dealer payout to thieves in a ransomware attack. (1)

84%

Of consumers would say they would not go back to buy another vehicle after their data had been compromised. (1)

70%

Reduction in the cost of a data breach for organizations implementing ongoing protections. (2)

(1) CDK Global. “State of Cybersecurity in the Dealership 2022” cdkglobal.com/insights/state-cybersecuritydealership-2022. September 27, 2022.

(2) IBM Security. “Cost of a Data Breach Report 2022” ibm.com/reports/data-breach

Most Safeguards Are Due Now, Not in June

How to action the Safeguards Extension

Due December 9th, 2022

• Security Awareness Training for Employees

• Continuous Monitoring

• Unauthorized Activity Monitoring

• Systems Monitoring and Logging

• Data and Systems Inventory

• Written Information Security Program

• Secure Development Practices

• Secure Disposal Practices

• Change Management Procedures

• Annual Report

Due June 9th, 2023

• Data Encryption

• Multifactor Authentication

• Overseeing Service Providers

• Qualified Individual

• Written Risk Assessment

• Access Controls

• Training and Testing security personnel

• Written incident Response Plan

Compliance Doesn't Equal Security

Check Out Our Whitepaper - Compliance Doesn't Equal Security

Example: The requirement of "Continuous Monitoring" can be solved in two ways, but only EDR protects data and reduces the chance of a breach.

Endpoint Detection & Response

• 24/7 Data Protection

• Stops cyber attacks

• Expert humans do the work

Pen Test & Vulnerability Scans

• Doesn't protect data

• Snapshot of vulnerabilities (2 per year)

• Requires technical expertise

Why Partner With Mosaic?

What's Unique About Mosaic's Solution?

• Each dealer gets a dedicated human guide

• Mosaic does much of the work for dealers

• 17+ years in retail automotive compliance

• Consistently costs less than other "solutions"

WATCH: Mosaic's Safeguards Solution

Mosaic Will Build a Dealer's Onboarding Plan and Execute Setup Together

How to Help Your Dealers with Safeguards

Step 1:

• Schedule a dealer demo with Mosaic

• Have your dealer complete the Safeguards Questionnaire

Step 2:

• The dealer will receive a quote and review it with a Safeguards expert at Mosaic

Step 3:

• Once e-signed, a dedicated account manager will schedule their onboarding