top of page

Mandatory Safeguards: Access Controls, Systems Inventory, Secure Development Practices

Let's continue with the list of mandatory safeguards:

Access Controls

Access to customer data must be only permitted to authorized users. Examples of access controls include:

  • password protection for electronic databases

  • locked doors securing physical files

Systems Inventory

This should already have been performed as part of the risk assessment process. It is broader than you might think and requires the dealership to consider all locations of customer data not just the DMS and CRM environments. Website appointment scheduling software, personal computers, and cellphones of dealership employees may all contain customer data and should be included in the system inventory.

Secure Development Practices

This requirement reminds us that the Safeguards Rule was not written with the average dealership in mind. That's because the average dealership does not develop its own software. But some do, and even those that do not need to ensure the software they use that involves the transmission processing, and storage of customer data was developed using secure practices.


bottom of page