Standards Streamline Cybersecurity Compliance for Automotive Dealers and Vendors
McLean, Va., March 29, 2023 – The Standards for Technology in Automotive Retail (STAR), automotive’s leading IT standards organization, announced today the approval of uniform risk assessment standards for retail automotive. These standards assist automotive dealers and vendors alike in complying with cybersecurity requirements under the revised FTC Safeguards Rule.
The approved assessment simplifies and standardizes retail dealership and vendor compliance with the federal Gramm-Leach-Bliley Act (GLBA) Safeguards Rule. As part of the rule, automotive dealers must periodically assess their service providers for the adequacy of their physical, administrative, and technical information safeguards. STAR’s approved assessment is completed by “Service Providers” to demonstrate their ability to adhere to privacy and cybersecurity standards set forth in the Rule. Dealers can also proactively send the assessment to their Service Providers for completion.
“STAR remains committed to facilitating standardization across all aspects of the automotive industry, and compliance is no different,” said Andrew Wright, managing partner of Vinart Dealerships and chairman of STAR. “We are hopeful that this standardized assessment facilitates the timely adherence to these requirements.”
STAR’s approved assessment offers several benefits to auto dealers and vendors, including:
- Regulatory Compliance: Vendors use the uniform risk assessment to satisfy regulatory requirements while enabling dealers to continue using their services with confidence in existing security measures.
- Compatibility with Popular Frameworks: The assessment maps each item to well-known cybersecurity frameworks such as CIS Controls, PCI DSS, and SOC2, thereby making it easier for vendors to demonstrate compliance across multiple frameworks within one assessment.
- Level Playing Field: Adoption of these uniform standards simplifies the compliance process for vendors, enabling them to comply with a single assessment instead of completing hundreds of different assessments for individual dealerships. Additionally, it holds vendors to consistent standards across the industry, such as implementing multi-factor authentication for systems containing nonpublic personal information (NPI).
- Concise and Focused: The approved assessment is concise, with a focus on achieving the minimum legal and compliance standards necessary.
“Being able to satisfy the Safeguards Rule is paramount for dealerships. It helps defend against extortion and protects highly sensitive customer data,” said Shawn Leibold, director of industry relations at Reynolds & Reynolds and co-chairman of STAR. “Unfortunately, many dealerships find reaching that goal extremely difficult, due to a lack of standardization. STAR is changing that dynamic with this risk assessment questionnaire, created in collaboration with key stakeholders in the automotive retail space; and with the end goal of benefiting dealers while adding value to the industry as a whole.”
STAR’s adoption of a standardized vendor cybersecurity risk assessment questionnaire brings additional value to the industry by:
- Providing Efficient Risk Management: Dealers can manage cybersecurity risks and evaluate the security posture of their vendors while ensuring that necessary safeguards are in place to protect sensitive data.
- Increasing Trust and Transparency: STAR’s approved assessment promotes trust and transparency between dealers and vendors with a commitment to industry-wide cybersecurity best practices.
- Saving Time and Money: Eliminating the need for multiple evaluations provides significant cost savings across the industry while streamlining the compliance process.
STAR’s uniform risk assessment standards represent a significant milestone in the organization’s ongoing efforts to improve cybersecurity across automotive retail. With a clear and unified approach to risk assessment, STAR is taking strides to create a more secure and efficient environment for both dealers and vendors.
To download a copy of STAR’s free risk assessment questionnaire, visit:
Standards for Technology in Automotive Retail (STAR) is a nonprofit organization whose members include dealers, original equipment manufacturers, retail system providers, and automotive-related industry organizations. STAR uses non-proprietary information technology (IT) standards as a catalyst in fulfilling the business information needs of dealers and manufacturers while reducing the time and effort required to support related activities. Collectively, STAR develops industry standards and emerging technologies for the benefit of retail automotive dealers. Incorporated in 2001, STAR defines industry standards for automotive retail and a standard architecture that supports global data interoperability, and standardizes the dealership IT infrastructure.