Pub. 4 2022 Issue 2

Be prepared for the road ahead. Whether you're optimizing operations or preparing for a sale or acquisition, our experienced advisors can help you map the road to success. eidebailly.com/dealerships 6. Verify that third-party service providers are doing everything possible to protect customer information and that providers are assessed based on the risk that they pose to the customer’s information. 7. Establish an Incident Response Plan (IRP). The IRP must include the goals of the plan, the internal process for responding to a security event, clear roles and responsibilities of the decision-makers, all communication if an event were to occur, how to remediate systems in the case of an event, documentation related to incident response actives and evaluation and revisions of the IRP. 8. Assure that the Qualified Individual reports in writing every year the overall status of the information security policy and compliance with the Revised Safeguards Rule. This should include documents that highlight any risk assessments, risk management controls, service provider contracts that handle customer information, penetration testing results, security events and the remediation steps, and changes to the information security program. Why Choose Eide Bailly for Your Cybersecurity Needs From proactive planning to supportive, timely response when you need it the most, we’re the trustworthy cybersecurity team you can count on. Our comprehensive security solutions include advisory, integration and threat management. Our vision is to help build a culture of security for every organization, so they have a proactive, planned-out response when cyber threats arise. 3 Build a culture of security in your dealership. Our team of advisors can help you prepare for the FTC’s New Safeguard Rules. Contact us at www.eidebailly.com. From proactive planning to supportive, timely response when you need it the most, we’re the trustworthy cybersecurity team you can count on. continued from page 21 22

RkJQdWJsaXNoZXIy ODQxMjUw