• OCD Tech will be the dealership's Qualified Individual and facilitate the compliance program
• Maintain a written InfoSec plan (WISP)
• Perform a risk assessment
• Periodically review access controls
• Manage data, personnel, devices, and facilities
• Maintain a secure software development lifecycle (SDLC)
• Actively oversee managed service providers (MSPs)
• Establish an incident response plan
• Implement multifactor authentication (MFA)
• Maintain a data retention policy
• Perform continuous monitoring or penetration testing
• Maintain policies and procedures
• Establish security and awareness training