Through our Information Security Program, Borgman Ford Mazda safeguards
the personal non-public information we collect from customers. Our
Information Security Program is designed to do insure the
confidentiality and security of customer information, protect against
any anticipated threats to the security and /or, integrity of the
Dealership's customer information, and protect against unauthorized
access to or use of this customer information.
For purposes of the Program, "customer information" means any information about a customer of the Dealership, or information the Dealership receives about the customer of another financial institution that can be directly or indirectly attributed to the customer. This Program, in and of itself, does not create a contract between the Dealership and any person or entity.
This Program and the safeguards it contemplates shall be implemented and maintained by an employee or employees ("Program Coordinator") designated by the Dealership President. The Program Coordinator shall design, implement, and maintain new safeguards as he or she determines to be necessary from time to time. The Program Coordinator shall report to the Dealership President. The Program Coordinator may delegate or outsource the performance of any function under the Information Security Program as he or she deems necessary from time to time.
In the event the Program Coordinator leaves the employment of the Dealership, the Dealership President shall take over the responsibilities of the Program Coordinator until a new Program Coordinator is designated.
The Program Coordinator shall conduct a risk assessment to identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in its unauthorized disclosure, misuse, alteration, destruction, or other compromise, and assess the sufficiency of any safeguards in place to control these risks.
The risk assessment shall cover all relevant areas of the Dealership's operations, as determined by the Program Coordinator. At a minimum, the risk assessment shall cover the following:
Once the Program Coordinator has identified the reasonably foreseeable risks to the Dealership's customer information, the Program Coordinator will determine whether the Dealership's current policies and procedures in these areas sufficiently mitigate the potential risks identified. If not, the Program Coordinator shall design new policies and procedures that meet the objectives of the Program. Final policies and procedures that meet the objectives of the Program shall be made part of the Program.
The Program Coordinator shall regularly test or audit the effectiveness of the Dealership's safeguards' key controls, systems, and procedures, to ensure that all safeguards implemented as a result of the risk assessment are effective to control the risks identified in the risk assessment. The Program Coordinator .shall revise current safeguards and/or implement new safeguards as necessary to ensure the continued viability of the Program.
The Program Coordinator shall review and approve each service provider contract prior to its execution by the Dealership to ensure that each contract contains appropriate obligations of the service provider to comply with the Dealership's safeguarding requirements.
The Program Coordinator shall reevaluate and modify the Program from time to time as the Program Coordinator deems appropriate. The Program Coordinator shall base such reevaluation and modification on the following:
In order to assist the Program Coordinator in this regard, the Dealership shall keep the Program Coordinator apprised of the nature and extent of all third party relationships and any operational changes or other matters that may impact the security or integrity of the Dealership's customer information.
In keeping with the objectives of the Program, the Dealership shall implement, maintain, and enforce the following employee management and training safeguards:
In keeping with the objectives of the Program, the Dealership shall implement, maintain, and enforce the following information systems safeguards:
In keeping with the objectives of the Program, the Dealership shall implement, maintain, and enforce the following attack and intrusion safeguards: