News and Updates

Turnkey Vendor Risk Management solution for the Utility Sector

Electric Utility Sector Third Party Risk: FERC Order No. 850

As of December 2018, new supply chain risk management reliability standards (Order No. 850) issued by the Federal Energy Regulatory Commission (FERC) went into effect. Going forward, electric utilities must assess their vendors during planning and procurement to confirm adequate security posture and controls. Electric utilities can make strides toward compliance with the three reliability standards (CIP-013-1, CIP-005-6, CIP-010-3) by implementing a vendor risk management program. The order’s intention is to “improve the electric industry’s cybersecurity posture by requiring that entities mitigate certain cybersecurity risks.” In

NYS DFS - Third Party Vendor Management Requirements

Starting today, March 1, 2019, banks, insurance companies, and financial services firms operating in the state of New York must have written policies and procedures in place ensuring they adequately vet their vendors’ information security systems. The vendor security requirement is the last phase of the NYDFS Cybersecurity Requirements that went into effect two years ago on March 1, 2017. The vendor security requirement can be found in 23 NYCRR 500 Section 500.11 (p7). The Third Party Service Provider Security Policy requires firms to implement policies and procedures, due diligence, and contractual protections to evaluate and control the cybersecurity practices of their third-party service prov