A Third-Party Vendor Risk Management Program is Now Mandatory for Covered Entities
“Each Covered Entity shall implement written policies and procedures designed to ensure the security of Information Systems and Nonpublic Information that are accessible to, or held by, Third Party Service Providers.” SECTION 500.11
Trusted by 10 of the AM Law 100 Firms and their financial clients
Contact us for a no-cost strategy assessment.
Do you have the proper vendor risk management process in place per NYS DFS requirements?
Have you identified and cataloged all of the third party service providers you currently use?
Do you have written policies and procedures designed to ensure security of data held by third party service providers?
Have you set minimum cybersecurity practices required to be met by such third party service providers?
Do you periodically assess your third party service providers based on the risk they present and continued adequacy of their cybersecurity practices?