Commitment to Information Security

DealerBuilt maintains a written Information Security Program that is overseen by our Chief Information Officer and outlines the administrative, technical, and physical safeguards that we employ to protect our systems and the data that our clients entrust to us. The overview below highlights key elements of our current program (but is not exhaustive) and identifies some of the crucial internal resources and third-party partnerships we have in place that enable DealerBuilt to continuously bolster our DMS security posture and remain vigilant against new threats.


  • Maintains formal IT security policies and procedures that:
    • Guide our collection, storage, and maintenance of personally identifiable information (PII) to protect PII from unauthorized disclosure
    • Protect the physical and logical integrity of our IT resources by establishing standards for network security, protection against malicious software programs, use of mobile devices, connecting devices to the network, remote access, event monitoring, etc.
    • Outline standards – such as user authorization/access requests, password policies, anti-virus software use, application of software updates, encryption of storage devices, etc. – to appropriately secure IT systems, network resources, and applications
    • Require all DealerBuilt employees to participate in annual information security awareness training
  • Partners with a top-tier hosting services provider, Amazon Web Services (AWS), to host its clients’ DMS solutions in a fully dedicated cloud environment with physical and logical protections
    • Our hosted solution offers:
      • Dual Next-Generation Firewalls from Cisco in high-availability routing 
      • Multiple layers of network security controls, including policy-based routing (PBR), Web Application Firewall (WAF), and Intrusion-Detection/Intrusion-Prevention Systems (IDS/IPS)
      • Advanced asymmetric encryption for end-to-end protection of in-transit data
      • At-rest data encryption of personally identifiable information (PII) to achieve a high level of data protection  
      • Real-time, continuous security monitoring
    • The AWS cloud environment delivers robust performance and availability:
      • Advanced hosting facilities feature availability zones to support automatic fail-over, environmental protections like fully redundant power systems, temperature/climate control, and protection against fire and water damage, as well as N+1 core applications
      • Use of standardized, proven server configurations underpinned by optimized hardware results in predictable, stable performance
      • Predictive high-availability and hot-spare hardware that deliver improved availability
  • Maintains daily full database and transactional-level backups of clients’ data
  • Routinely undergoes third-party security assessments to test and validate our strict security controls, including:
    • Vulnerability testing completed at least quarterly, with all findings mitigated and retested
    • Penetration testing at least annually, with all findings mitigated and retested
    • Annual security program audit, with quarterly review of results
  • Has an in-house security team led by a cybersecurity professional who holds CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional) certifications and has deep experience in all aspects of information security implementation and management
  • Maintains a security incident response program and keeps a third-party incident response expert on retainer to assist with immediate incident management if needed