Vendor Management Program
- Vendor due diligence on all required service providers.
- Assist with confirming service providers will provide notice of an incident within 72 hours, based off the items provided and reviewed.
- Detailed analysis and documentation of all findings, including potential security gaps.
- Light passive external scan of all vendors’ public domains.
- Assistance with reviewing current Vendor Management Policy and/or drafting a Vendor Management Policy to align with Amended Regulation S-P.
Incident Response Program
- Review and/or draft an Incident Response Plan that addresses identification, containment, eradication, and notification of breaches.
Customer Notification Requirement
- Provide a “Notice Determination Checklist” and “Notice Template” that can be used in the event customer notification is needed.
Recordkeeping and Expansion of Safeguards and Disposal (including written records)
- In coordination with our compliance team, draft policies and procedures to meet both of these requirements.