What we do

Every requirement of the Rule, handled by dealership specialists.

The FTC Safeguards Rule asks for written policies, trained staff, vetted vendors, tested controls, and documented evidence, all maintained year-round. SaferDealer delivers each piece, standalone or as a fully managed program. We work only with dealerships, so every service fits how your store runs.

Get your free gap assessment
Two professionals reviewing a compliance document together at a dealership
Every engagement starts with a free gap assessment.
Six core services

Each service satisfies a specific Safeguards Rule requirement, and holds up under scrutiny

1

FTC Safeguards Gap Assessment

We measure your current security practices against every element of the FTC Safeguards Rule and deliver a prioritized report showing exactly where you stand and what has to change.

Free version available for qualifying dealerships.

What it includes

  • Review of existing policies, procedures, and documentation
  • Interviews with key personnel in F&I, IT, and management
  • Mapping of current controls against all nine Safeguards Rule elements
  • Written gap report with a prioritized remediation roadmap
  • Executive summary suitable for dealer-principal review
2

Written Information Security Program

The FTC requires every covered dealership to maintain a WISP tailored to its size and complexity. We draft, review, and finalize a program that satisfies the Rule and reflects how your store actually operates.

What it includes

  • Custom WISP drafted to your dealership's systems and processes
  • Designation of a Qualified Individual with documented responsibilities
  • Access control, encryption, and incident-response policies
  • Annual review process with version control and change documentation
  • Board or dealer-principal report template for the annual review
3

Risk Assessment and Documentation

The Safeguards Rule requires a formal, written risk assessment that identifies threats to customer financial data. We run the assessment, document your controls, and produce a report you can put in front of an examiner on demand.

What it includes

  • Identification of every system that stores or processes customer financial data
  • Threat and vulnerability analysis across internal and external risk vectors
  • Risk-scoring matrix with likelihood and impact ratings
  • Documented safeguards mapped to identified risks
  • Annual reassessment to capture changes in your environment
4

Employee Security Awareness Training

Human error is the leading cause of data breaches at dealerships. We deliver role-based training for all staff, from sales and F&I to service and management, with the completion records the FTC expects to see.

What it includes

  • Role-specific modules for F&I, sales, service, and admin staff
  • Phishing awareness and social-engineering recognition
  • Password hygiene, device security, and acceptable-use policies
  • Incident-reporting procedures and employee acknowledgment forms
  • Training completion records maintained for regulatory documentation
5

Vendor Oversight Program

Your DMS, CRM, and financing partners all touch customer financial data. The FTC requires you to vet and monitor every service provider, and to hold them to appropriate security standards by contract.

What it includes

  • Inventory of all third-party vendors with access to customer financial data
  • Security questionnaire process and vendor risk scoring
  • Review of existing vendor contracts for Safeguards Rule language
  • Contract addendum templates for vendors that lack compliant terms
  • Ongoing vendor monitoring with annual review and re-attestation
6

Ongoing Compliance Monitoring and Reporting

Compliance is not a one-time project. The Rule requires continuous monitoring, periodic testing of controls, and regular reporting to leadership. We handle it so your program stays current without the overhead.

What it includes

  • Continuous monitoring of your information security program status
  • Annual penetration testing or vulnerability-assessment coordination
  • Quarterly compliance status reports for the dealer principal and management
  • Regulatory-change monitoring with program updates as the Rule evolves
  • Incident-response support and breach-notification guidance
How it works

Most dealerships go from no documentation to an auditable program in 60 to 90 days

  1. Day 0 Free Gap Assessment
  2. Week 1 to 2 Program Design
  3. Day 60 to 90 Implementation
1

Free gap assessment

A no-cost review of your current security posture. You get a written report showing every gap between where you are today and where the Rule requires you to be. No pressure, no obligation.

2

Program design

From your gap report we build a compliance roadmap sized to your dealership, systems, and risk profile. We identify which services you need, sequence them, and give you a clear timeline and fixed price.

3

Implementation

We execute the program, deliver the documentation, train your staff, and set up ongoing monitoring. When we are done you have a complete, auditable security program and the records to prove it.

Not sure which services your dealership needs?

Start with the free gap assessment. We will show you exactly which of the nine requirements you meet and which need work, then recommend only what closes the gap.

Get your free gap assessment