Rule Requirement

314.4 (c) (1)

Implementing and periodically reviewing access controls, including technical and, as appropriate, physical controls to:

• (i) Authenticate and permit access only to authorized users to protect against the unauthorized acquisition of customer information; and

• (ii) Limit authorized users' access only to customer information that they need to perform their duties and functions, or, in the case of customers, to access their own information;

Our Service

Mosaic Compliance Services provides Access Control best practices and documentation. Our training and documentation will help you understand access controls and implement those appropriate for your dealership.

Safeguards
services

Systems Monitoring Logging

Continuous Vulnerability Assessments

Continuous Monitoring/Endpoint Detection and Response

Unauthorized Activity Monitor

Employee & Qualified Individual Security Awareness Training

Oversee Service Providers

Incident Response Plan

Annual Report

Recommended Safeguards

Qualified Individual

Risk Assessment

Access Controls

Data and Systems Inventory

Encryption

Secure Development Practices

Multifactor Authentication

Secure Disposal Practices

Change Management