Helping our Dealer Partners check the GLBA boxes
Tekion is already helping you with your Safeguards checklist
Team Tekion
Jul 5, 2022
.jpg)
The Facts
- The Gramm-Leach-Bliley Act (“GLBA”) is a federal law that applies to businesses that handle consumer information relating to financial services
- GLBA was amended in October 2021, and as of December 9, 2022 auto dealerships are required to meet all its heightened information security requirements
- There are 2 rules under GLBA that apply to your information management practices
- The Safeguards Rule
- The Privacy Rule
As the industry’s first cloud-native solutions provider, Tekion has embraced innovative information security best practices from its very beginning, and we continue to lead the way in protecting customer information.
We’re already helping you with your checklist!
Designate an individual who has ultimate responsibility for the implementation and maintenance of the dealer’s Information Security Program
- The FTC expressly permits you to rely on the expertise of service providers like Tekion to manage the information security heavy lifting you are required to apply to your customer information.
Develop, implement, and maintain a written Information Security Program
- The data you store within Tekion is already protected by our refined and professionally managed information security program.
Provide Multi-Factor Authentication on all systems that access PII (Personally Identifiable Information)
- Tekion requires multi-factor authentication ("MFA") in its own operations, and enables MFA in your instance(s) of our products by default.
Perform, and periodically review, a comprehensive information security risk assessment
- Tekion's robust information security program includes requirements for periodic comprehensive review of its security landscape.
Periodic penetration testing and vulnerability scanning
- Tekion engages in this practice using robust, industry-leading tools.
Implement Change Management policies and procedures
- Tekion locks down its production code base and maintains intricate emergency deployment procedures designed for optimal responsiveness and security.
Exercise due diligence in selecting your service providers that have access to customer information, and require that they comply with the Safeguards Rule
- Tekion’s standard contract language includes our commitment to you that we meet the required elements of the Safeguards Rule. Additionally, we require the same contractual commitments from our own service providers.
Maintain a data retention policy
- This can be easily automated with Tekion’s cloud-native, configurable solutions.
Develop a plan to respond to, and recover from, security events affecting customer information
- Tekion’s incident response plans are comprehensive, sophisticated, and inclusive of all the Safeguards Rule concerns.