Cybersecurity as a Service...
PCI Compliance Services
Secure. Compliant. Audit-Ready.
Microtech Info Systems delivers end-to-end PCI solutions for businesses that accept, transmit, or store payment card information—auto dealerships, medical clinics, retail stores, real estate/title offices, and e-commerce operations.
Why PCI Compliance Matters
Payment environments are major targets for cybercrime. PCI-DSS protects cardholder data, reduces financial risk, and ensures that organizations can accept modern payment systems securely.
Microtech integrates PCI controls directly into your IT operations, combining cybersecurity, network administration, cloud systems, and full MSP support into a unified compliance framework.
 |  |  |  |
|---|---|---|---|
 |  |
FTC (Federal Trade Commission)-Compliant Information Security
The FTC Safeguards Rule is part of the Gramm–Leach–Bliley Act (GLBA) and applies directly to auto dealerships because they are considered financial institutions when they collect and process sensitive customer information for vehicle financing, credit checks, or leasing.
This regulation requires dealerships to protect customer data, implement a formal information security program, and prove continuous compliance.
1. Program (ISP / WISP)
A full written plan covering:
-
Data handling processes
-
Incident response
-
Encryption policies
-
Access control
-
MFA enforcement
-
Data retention
-
Disposal processes
-
Backup and recovery policies
2. Risk Assessment & Gap Analysis
Microtech provides:
-
Full onsite/remote audit
-
Evaluation of all departments (Sales, Service, Parts, F&I, Accounting)
-
Vulnerability identification
-
Prioritization of risks
-
FTC compliance scoring
-
Corrective plan of action
3. Technology Deployment & Security Controls
Microtech implements and manages:
Security Systems
-
EDR/XDR protection
-
Firewall, IPS, and gateway security
-
VPN with MFA
-
Email security (SPF/DKIM/DMARC)
-
Cloud backup and offsite retention
-
RMM system with 24/7 monitoring (N-Able)
Mandatory FTC Requirements
-
MFA for all critical systems
-
Full encryption of customer data
-
Role-based access control
-
Logging & monitoring
-
Automatic software patching
4. Monitoring, Testing & Review
-
Weekly network monitoring
-
24/7 threat detection
-
Quarterly vulnerability scans
-
Annual penetration test
-
Log retention and review
-
Monthly reporting to management
5. Employee Training & Awareness
Delivered for all dealership staff:
-
Cybersecurity awareness
-
Safe data handling
-
Password and MFA use
-
Phishing prevention
-
Clean desk policy
-
Secure printer & scan workflows
-
Proper disposal (paper & digital)
Includes certificates of completion for compliance records.
6. Vendor Management Program
All vendors are reviewed for:
-
DMS/CRM security
-
OEM portals
-
Finance app providers
-
Cloud tools
-
Service software
-
Vendor alternative hardware to be installed
-
Supervised hardware installation and configuration
Microtech maintains:
-
Vendor security files
-
Signed agreements
-
Risk scoring
-
Annual re-validation
-
Market Procurement
-
Asset controls and labeling system
7. Incident Response Plan
Microtech provides:
-
Full IR playbook
-
Breach notification workflow
-
Forensics and log details
-
Restoration guidelines
-
Reporting templates
8. Annual Compliance Report
A full report presented to the dealership’s ownership or board detailing:
-
Risk findings
-
Incident history
-
Infrastructure upgrades
-
Vendor performance
-
Employee training compliance
-
Future recommendations
The Consequences of Non-Compliance
Penalties include:
Up to $50,000 per customer affected - Lawsuits - Insurance refusal - Forced remediation orders - Loss of consumer trust