STAR approves uniform risk assessment standards to prep for Safeguards Rule implementation
On Wednesday, the Standards for Technology in Automotive Retail (STAR), a leading automotive IT standards organization, announced the approval of uniform risk assessment standards for retail automotive.
According to a news release, these standards can help automotive dealers and vendors alike comply with cybersecurity requirements under the Federal Trade Commission's revised Safeguards Rule, which is set to be implemented in June.
STAR explained the approved assessment simplifies and standardizes retail dealership and vendor compliance with the federal Gramm-Leach-Bliley Act (GLBA).
As part of the rule, automotive dealers must periodically assess their service providers for the adequacy of their physical, administrative, and technical information safeguards.
STAR’s approved assessment is completed by “service providers” to demonstrate their ability to adhere to privacy and cybersecurity standards set forth in the rule. Dealers can also proactively send the assessment to their service providers for completion.
“STAR remains committed to facilitating standardization across all aspects of the automotive industry, and compliance is no different,” said Andrew Wright, managing partner of Vinart Dealerships and chairman of STAR. “We are hopeful that this standardized assessment facilitates the timely adherence to these requirements.”
STAR’s approved assessment offers several potential benefits to dealers and vendors, including:
—Regulatory compliance: Vendors use the uniform risk assessment to satisfy regulatory requirements, while enabling dealers to continue using their services with confidence in existing security measures.
—Compatibility with popular frameworks: The assessment maps each item to well-known cybersecurity frameworks such as CIS Controls, PCI DSS, and SOC 2, thereby making it easier for vendors to demonstrate compliance across multiple frameworks within one assessment.
—Level playing field: Adoption of these uniform standards can simplify the compliance process for vendors, enabling them to comply with a single assessment, instead of completing hundreds of different assessments for individual dealerships. Additionally, it holds vendors to consistent standards across the industry, such as implementing multi-factor authentication for systems containing nonpublic personal information (NPI).
—Concise and focused: The approved assessment is designed to be concise, with a focus on achieving the minimum legal and compliance standards necessary.
“Being able to satisfy the Safeguards Rule is paramount for dealerships. It helps defend against extortion and protects highly sensitive customer data,” said Shawn Leibold, director of industry relations at Reynolds & Reynolds and co-chairman of STAR. “Unfortunately, many dealerships find reaching that goal extremely difficult, due to a lack of standardization.
“STAR is changing that dynamic with this risk assessment questionnaire, created in collaboration with key stakeholders in the automotive retail space; and with the end goal of benefiting dealers while adding value to the industry as a whole,” Leibold continued.
STAR sees adoption of a standardized vendor cybersecurity risk assessment questionnaire bringing additional value to the industry by:
—Providing efficient risk management: Dealers can manage cybersecurity risks and evaluate the security posture of their vendors while ensuring that necessary safeguards are in place to protect sensitive data.
—Increasing trust and transparency: STAR’s approved assessment can promote trust and transparency between dealers and vendors with a commitment to industry-wide cybersecurity best practices.
—Saving time and money: By eliminating the need for multiple evaluations, the standardized questionnaire provides significant cost savings across the industry while streamlining the compliance process.
“STAR’s uniform risk assessment standards represent a significant milestone in the organization’s ongoing efforts to improve cybersecurity across automotive retail,” the organization said. “With a clear and unified approach to risk assessment, STAR is taking strides to create a more secure and efficient environment for both dealers and vendors.”
To download a copy of STAR’s free risk assessment questionnaire, visit https://www.starstandard.org/index.php/risk-assessment-questionnaire/.