Qualified Individual Training
The rule requires a qualified individual. There must be one person in the dealership (or dealership group) who has the ability to oversee the organization's Information Security Program.
Designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program (for purposes of this part, “Qualified Individual”). The Qualified Individual may be employed by you, an affiliate, or a service provider.
Though the Rule does not require any special certification for QIs, many dealerships have asked for guidance in selecting and educating a QI. ACE has developed a Safeguards Specialist Certification program to educate dealership Qualified Individuals about the requirements of the revised FTC Safeguards Rule and to provide practical guidance in managing your Safeguards program. Certification program topics cover:
Conducting a security risk assessment,
Conducting a network vulnerability assessment on your computer network,
Understanding physical, technical, and administrative Safeguards,
Identifying and overseeing service providers,
Testing your safeguards Program for effectiveness,
Reacting to data breaches,
And much more.
ACE Certified Safeguards Specialists will gain the confidence they need to perform their role as the dealership’s Qualified Individual.