This article was originally published on CU Management.
Today, your reputation as a reliable steward of your members’ personal financial information doesn’t rest solely on your internal data security program; it also depends on any third parties you give access to this data.
We asked for advice about vetting third-party firms from two common types of credit union vendors: Allied Solutions, a lending and risk management services provider, and IDology, an identity verification solutions company.
Conversation and Documentation
Before delving into IT infrastructure and specifications, any good audit begins with simple conversations, says Josh Gideon, manager/audit and compliance for insurance solutions provider Allied Solutions, a CUES Supplier member based in Carmel, Indiana. He recommends starting audits by asking for the vendor’s data security policies and procedures. “You’re being graded based on what you say you’re doing,” he explains. “The auditors say, ‘Tell me what you say you’re doing, and then I’m going to test this to verify that you’re doing what you say you’re doing.’”
To initially gauge the quality of a vendor’s data security program, Gideon suggests asking the firm’s leader about the program’s policies and procedures. “If the CEOs or owners of the companies seem to have no clue about the policies and procedures, it’s a pretty good indication that they’re not really behind them,” he notes.