Baseline Nonbank Cybersecurity Exam Program
Question 13
How does the institution make sure it employs trustworthy third parties? Does the institution perform due diligence before entering into a contract? Is there an active vendor management program and/or methodology?
19
Question 14
Are contracts in place? Do vendor contracts require service providers to implement and maintain appropriate information security safeguards? Consider the confidentiality, availability, and integrity of information stored with the vendor. Does the vendor management program include specified contract deliverables, due dates, and service level agreements? Are vendors monitored on an ongoing basis? (not just at hire/selection)? Does it define each party's information security responsibilities under the contract?
20
Made with FlippingBook - Online Brochure Maker