We perform an annual security audit at Oxlo. The automakers, lenders and dealer system providers that work with us need to have 100% confidence in our security. This is why we’ve set a high bar for this part of our business. Running a business that connects to the point of sale in automotive requires nothing less, considering how sensitive and how vital this information is to the parties that support this massive industry.
Aside from all the obvious stuff—looking at policies for firewalls, routers, DMZ and the like—we also dive into data protection. GLB (Gramm-Leach-Bliley Act) mandates a special sensitivity to safeguarding non-public personal information. You know you’re serious about handling security at this level when you not only factor in NADA, STAR, automaker and federal government standards, but also play out a breach scenario that entails contacting the FBI.
The good news is that Oxlo is tight. This is good for our many partners and customers because by using our services they can lay claim to a level of security they might not otherwise have achieved.
So who do you think should be leading our industry's debate on security? Reynolds & Reynolds? ADP? NADA? OSA? The automakers? Oxlo?

This is an extremely important topic for the industry and one that should not be left to any one industry participant. We all have an important part to play in safeguarding the data that we use and should take our responsibilities very seriously. I personally applaud Oxlo for proactively going through the process of ensuring that they meet a high level of data and system security. OSA is taking steps to build a set of data security guidelines for companies that make use of dealer data. A first draft of these guidelines will be available in early April for review and comment by any and all in the industry. OSA's hope is that as an industry, we can engage in an active dialog and create a robust set of guidelines that can lead to a more secure data environment.
Posted by: Allan Stejskal | March 21, 2007 at 05:14 PM