Home / IT for Auto Dealerships
For auto dealerships · dealer groups · F&I

Your dealership is a financial institution too.

If your F&I office arranges financing, the FTC Safeguards Rule applies to you — written security plan, MFA, vendor oversight, incident response. Enforcement started in June 2023. And after the 2024 DMS outage put dealerships on paper for weeks, "what's our plan when a vendor goes down?" stopped being hypothetical.

★★★★★ 5.0 from 26 local reviews Based in Hutchinson, KS · serving dealerships statewide No long-term lock-in
Yes, this means you

The Safeguards Rule isn't just for banks.

Under the Gramm-Leach-Bliley Act, arranging or extending financing makes your dealership a "financial institution" — the FTC has said so explicitly. The Safeguards Rule (16 CFR Part 314) requires a documented security program, and since 2024 breaches affecting 500+ consumers must be reported to the FTC within 30 days. Every credit app in your F&I office is exactly the data the rule protects.

What the rule expects your dealership to have:

  • a written risk assessment & WISP
  • MFA on DMS, CRM & lender portals
  • oversight of DMS & F&I vendors
  • an incident response & continuity plan

WISP, written for you

We run the risk assessment and write the security program the FTC expects — then keep it current as your store changes.

MFA without the mutiny

Multi-factor on the DMS, CRM, email, and lender portals — rolled out so sales and F&I keep moving.

DMS-down continuity

A tested plan to keep selling, servicing, and funding deals when your DMS or a vendor goes dark — because 2024 proved it happens.

Evidence, organized

Training records, vendor reviews, monitoring logs — audit-ready, so an FTC inquiry or OEM security questionnaire isn't a fire drill.

Built for dealerships

Everything your store needs — compliance included.

One flat-rate partner for IT support, security, and the Safeguards Rule paperwork that comes with every credit application you take.

Risk assessment & WISP

The written risk assessment and security program the rule is built on — drafted, maintained, and ready to show the FTC or your OEM.

MFA & access control

Multi-factor across DMS, CRM, email, and lender portals — with departed-employee offboarding that actually gets done.

Vendor oversight

The rule makes you responsible for your DMS, F&I, and marketing vendors' security — we document and manage that oversight for you.

Backup & outage continuity

Encrypted, tested backups plus a real DMS-down playbook — deal jackets, service tickets, and payroll keep moving on the worst day.

24/7 monitoring & response

Continuous monitoring, patching, and endpoint protection across showroom, service, and office — the "detect and respond" the rule requires.

Wire-fraud & phishing defense

Email protection and staff training tuned to dealership scams — fake lender payoff changes, spoofed OEM invoices, title-wire fraud.

Free · ~2 minutes · No email needed to see your score

Where does your dealership stand today?

Rate your store against 14 key Safeguards Rule requirements and get an instant readiness score with your top gaps — including whether the written risk assessment the whole rule rests on is even in place.

Dealerships — questions, answered

Frequently asked questions

Does the FTC Safeguards Rule really apply to my dealership?

If your F&I office arranges or extends financing or leasing, yes — under the Gramm-Leach-Bliley Act that makes your dealership a "financial institution," and the FTC Safeguards Rule (16 CFR Part 314) applies. Full compliance has been enforceable since June 2023, and the FTC has made clear that dealerships are squarely in scope.

What does the rule actually require a dealership to have?

A written risk assessment and information security program (WISP), a designated qualified individual, multi-factor authentication on systems that touch customer financial data, encryption, access controls, continuous monitoring or annual penetration testing, staff training, oversight of service providers like your DMS and F&I vendors, and an incident response plan.

How does the 2024 DMS outage relate to compliance?

The nationwide DMS ransomware outage in June 2024 put thousands of dealerships on paper for weeks — and it made two Safeguards Rule requirements very real: overseeing your service providers, and having an incident response and continuity plan. If your dealership can't sell, service, or fund deals when a vendor goes down, that's an operational gap and a compliance gap at the same time.

We're a small independent lot — do the rules still apply?

If you arrange financing, yes. Dealers maintaining information on fewer than 5,000 consumers are exempt from a few written-reporting requirements, but the core safeguards — risk assessment, MFA, encryption, training, vendor oversight, incident response — apply regardless of size. Cash-only lots that never touch financing are generally outside the rule.

Can RT Solutions just handle Safeguards compliance for us?

Yes — that's the offering: we run the risk assessment, write and maintain the WISP, roll out MFA across your DMS, CRM, and lender portals, monitor your network 24/7, document vendor oversight, train your staff against wire fraud and phishing, and build the continuity plan for the next vendor outage. Compliance becomes a byproduct of well-run IT.

Ready when you are

Get compliant before the FTC — or the next outage — forces it.

Book a free, no-obligation discovery call. We'll tell you straight where your store stands against the Safeguards Rule and what closing the gaps actually takes.