Your data is only as secure as your third-party providers
Tips on vetting vendors that access your members’ sensitive information
Your reputation as a reliable steward of your members’ personal financial information today doesn’t rely solely on your internal data security program—your reputation also relies on any third parties you give access to this data.
We asked for advice about vetting third-party firms from two common types of credit union vendors: Allied Solutions, a lending and risk management services provider, and IDology, an identity verification solutions company.
Conversation and Documentation
Before delving into IT infrastructure and specifications, any good audit begins with simple conversations, says Josh Gideon, manager/audit and compliance for insurance solutions provider Allied Solutions, a CUES Supplier member based in Carmel, Indiana. He recommends starting audits by asking for the vendor’s data security policies and procedures. “You’re being graded based on what you say you’re doing,” he explains. “The auditors say, ‘Tell me what you say you’re doing, and then I’m going to test this to verify that you’re doing what you say you’re doing.’”
continue reading »