
Updated: Nov 13, 2024

This checklist is intended to help you perform quick audits of your Physical Safeguards. It is not a comprehensive Risk Assessment and does not address the Technical and Administrative Safeguards that should also be in place as a part of your dealership’s Safeguards Program. A full Risk Assessment should be conducted at least annually. This checklist can be used to address and review the Physical Safeguards at your dealership. Some questions may not be applicable if your business uses electronic rather than paper records.


Dealership Physical Safeguards Checklist:






Updated: Oct 30, 2024

See us at booth #511.



Mosaic is excited to be attending Agent Summit 2023. See us at booth #511. We'd love to speak with you about your compliance needs.


We solve your compliance problems - affordably!


Mosaic Compliance Services was founded in 2006 by attorneys focused on dealership defense. Over the years, Mosaic has increased the scope of its compliance solutions while consistently driving down our cost, resulting in our private-labeled program winning the Dealers' Choice Diamond Award for Compliance Training seven years in a row (2016 - 2022).


Whether your dealership's compliance concerns involve the revised Safeguards Rule, F&I and sales practices, or sexual harassment, let Mosaic craft a solution that won't break the bank.


Visit our show page to see our team attending the summit and learn more about our offerings. See you there!







What F&I agents need to know about the Safeguards Rule in 2023.


A Dealer's Greatest Cost Risk is a Data Breach (Not FTC Fines)


$228,125

Average dealer payout to thieves in a ransomware attack. (1)


84%

Of consumers say they would not go back to buy another vehicle after their data had been compromised. (1)


70%

Reduction in the cost of a data breach for organizations implementing ongoing protections. (2)



(1) CDK Global. “State of Cybersecurity in the Dealership 2022” cdkglobal.com/insights/state-cybersecuritydealership-2022. September 27, 2022.

(2) IBM Security. “Cost of a Data Breach Report 2022” ibm.com/reports/data-breach

 

Most Safeguards Are Due Now, Not in June


Due December 9th, 2022

  • Security Awareness Training for Employees

  • Continuous Monitoring

  • Unauthorized Activity Monitoring

  • Systems Monitoring and Logging

  • Data and Systems Inventory

  • Written Information Security Program

  • Secure Development Practices

  • Secure Disposal Practices

  • Change Management Procedures

  • Annual Report

Due June 9th, 2023

  • Data Encryption

  • Multifactor Authentication

  • Overseeing Service Providers

  • Qualified Individual

  • Written Risk Assessment

  • Access Controls

  • Training and Testing Security Personnel

  • Written Incident Response Plan

 

Compliance Doesn't Equal Security


Example: The "Continuous Monitoring" requirement can be met in two ways, but only Endpoint Detection & Response (EDR) protects data and reduces the chance of a breach.


Endpoint Detection & Response

  • 24/7 Data Protection

  • Stops cyber attacks

  • Expert humans do the work

Pen Test & Vulnerability Scans

  • Doesn't protect data

  • Snapshot of vulnerabilities (2 per year)

  • Requires technical expertise

 

Why Partner With Mosaic?



 

What's Unique About Mosaic's Solution?

  • Each dealer gets a dedicated human guide

  • Mosaic does much of the work for dealers

  • 17+ years in retail automotive compliance

  • Consistently costs less than other "solutions"



 



 

Mosaic Will Build a Dealer's Onboarding Plan and Execute Setup Together




 

How to Help Your Dealers with Safeguards

Step 1:


 

Step 2:

  • The dealer will receive a quote and review it with a Safeguards expert at Mosaic










 

Step 3:

  • Once e-signed, a dedicated account manager will schedule their onboarding


