Learning Guide

How to manage security risks in vendor contracts

By Andrew M. Baer, Esq., Contributor

Financial institutions are required by their regulators to evaluate and manage the risk associated with sharing non-public customer and consumer information with third-party vendors. Generally speaking, as a critical component of their overall information security program, they must implement and maintain vendor management policies and procedures that include: pre-contract due diligence to verify each vendor maintains reasonable and appropriate security protections; a written contract with the vendor that mandates use of such protections and optimally reserves certain other rights for the financial institution; and periodic monitoring of the vendor after the contract is signed to verify its security.

This learning guide from SearchFinancialSecurity.com focuses on the second element of

    Requires Free Membership to View

vendor risk management: What needs to be in vendor contracts? Or, more precisely, what information security-related clauses should a financial institution include in its contracts with high-risk vendors (i.e., those who will have access to a significant amount of sensitive non-public personal information, such as names combined with account or Social Security numbers) to conform to regulatory guidance and industry best practices for managing vendor risk?


  Vendor contract management: Regulatory guidance is risk-based
  Vendor audit and monitoring contractual rights
  Data breach protection: Implementing vendor breach safeguards
  Vendor risk management: process and documentation

This was first published in September 2009

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: