3 requirements of Safeguards Rule risk assessment reports
Ignite Consulting Partners continued its Tip of the Week series by again focusing on the enhanced Safeguards Rule set to be implemented by the Federal Trade Commission.
Ignite said that independent and buy-here, pay-here dealerships should have completed, or at least be in the process of compiling, their risk assessments and should have formulated a report mandated by the FTC.
The firm said that these reports should contain details, based on your investigation, about events that the FTC says pose a foreseeable risk “to the security, confidentiality, and integrity of customer information.”
Those risks could be physical or digital, internal or external, or any combination of those, and no two are going to look the same.
Ignite then noted three requirements these risk reports must meet:
• Be written: The first rule is that it must be documented in writing.
• Define risk criteria: Every assessment must include the criteria you used to determine those risks. Examples include high/medium/low and urgent/not urgent.
• Include plans for periodic reassessment: It is not a one-time event, but ongoing. Changes to your business and the emergence of new threats are ongoing and your assessment procedures should reflect that.
“Examples of changes that would prompt a review include moving to a new building or changing high-risk vendors such as your ISP or cloud storage solutions,” Ignite experts said. “During COVID, many of you changed your work-from-home policies, allowing employees to work remotely and even use their own devices.
“Major structural changes like these present their own set of risks and require a reanalysis. New threats may come from external sources such as new viruses or vulnerabilities found in the hardware or software you use,” they continued.
To help dealerships and finance companies even more, Ignite is rolling out what it’s calling “The Works.” It’s a six-part package designed to help operations navigate through preparations for the intensified Safeguards Rule, which is set to go into practice in December.
And through Oct. 31, Ignite is offering a 40% discount on “The Works.”
If you have questions about compiling this initial report or choosing a qualified individual, would like to speak to a compliance specialist, or want more information about “The Works,” send an email to Ignite at info@ignitecp.com or call (817) 900-8754.