Reynolds and Reynolds
Solutions
Why Security Matters
When choosing a DMS and third-party vendors to work with, security matters:
  • Can you identify and control who has access to your system, what data sets are being accessed, and when data can be accessed?
  • Is your vendor keeping you compliant with government and industry regulations and legislation?
  • Is your vendor focused on minimizing your risks associated with data movement and storage?
Keeping Up with Regulations
Compliance with state and federal law is very real—for dealers, OEMs and industry vendors. Because of the complexity of technology, dealers should expect DMS providers to understand the changing legislation and work towards keeping systems compliant. Here are just a few examples of regulations impacting security enhancement.
  • All 50 states now have laws addressing unauthorized data access, hacking, computer trespass, viruses, and malware.1
  • Data breach notification legislation has been passed by 48 states, the District of Columbia, Puerto Rico, and the Virgin Islands.2
  • At the federal level, the Safeguards Rule of the Gramm-Leach-Bliley Act protects confidentiality and integrity of personal consumer information.
  • The Sarbanes Oxley Act forced an increased focus on information technology controls for publicly-held companies.
Reynolds has prioritized focus on keeping your systems compliant, and importantly, we have the resources to stay on top of the constantly-changing environment.

1. Source: National Security Conference of State Legislatures - Computer Crime Statutes: http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx
2. Source: National Conference of State Legislatures – Security Breach Notification Laws: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx

Minimizing Dealer Risk
Reynolds is helping protect dealers using Reynolds systems by maintaining system integrity with solid business rules for secure, monitored, and supported access.

  • Reynolds Integration Hub (RIH) ensures all data that is passed in or out of the Reynolds system is monitored and tracked.
  • All data transfer interfaces for RCI certified vendors are tailored to the vendors' specific business needs so they receive only what they identified in their request.
  • All inbound data changes are "journaled" to ensure a clear record of what changes occurred and who made them so Reynolds can attempt to restore data integrity to the best of its ability in the event of an error or corruption incident.
  • Reynolds Interface Agreement ensures third party vendors properly handle and protect all data the receive from a Reynolds system.
  • RCI certified vendors must provide specific provisions in their agreements with dealerships to protect the dealer's and consumer's data by federal and state guidelines.
Modems historically were used for dealer-to-factory communications and for remote support and system updates. Now most manufacturers have discontinued modem use, and Reynolds has also moved forward with communication solutions which are more convenient, less expensive, and more secure.
Examples of Regulations
An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule
Real-life Experience
"We first noticed a problem when our network performance speed decreased. We went in to see what all was installed on the DMS. We found that companies had installed their software on our individual computers so they could pull their own reports. A program on a computer in Parts was able to pull F&I data!"

Patrick McKinley
Corporate Controller
Uftring Auto Group, East Peoria, IL