How to manage security risks in vendor contracts

Financial institutions face numerous regulatory requirements for managing vendor risk. Learn what financial firms need to include in their vendor contracts in order to conform with regulatory guidance and industry best practices for vendor risk management.

By Andrew M. Baer, Esq., Contributor

Financial institutions are required by their regulators to evaluate and manage the risk associated with sharing non-public customer and consumer information with third-party vendors. Generally speaking, as a critical component of their overall information security program, they must implement and maintain vendor management policies and procedures that include: pre-contract due diligence to verify each vendor maintains reasonable and appropriate security protections; a written contract with the vendor that mandates use of such protections and optimally reserves certain other rights for the financial institution; and periodic monitoring of the vendor after the contract is signed to verify its security.

This learning guide from SearchFinancialSecurity.com focuses on the second element of vendor risk management: What needs to be in vendor contracts? Or, more precisely, what information security-related clauses should a financial institution include in its contracts with high-risk vendors (i.e., those who will have access to a significant amount of sensitive non-public personal information, such as names combined with account or Social Security numbers) to conform to regulatory guidance and industry best practices for managing vendor risk?


HOW TO MANAGE SECURITY RISKS IN VENDOR CONTRACTS

  Introduction
  Vendor contract management: Regulatory guidance is risk-based
  Vendor audit and monitoring contractual rights
  Data breach protection: Implementing vendor breach safeguards
  Vendor risk management: process and documentation
This was first published in September 2009

Dig deeper on Business partner and vendor security issues

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

This Content Component encountered an error
Close