4 Best Practices for Due Diligence

By Global Relay on January 31, 2016
GR-logo-RGB.png
Global Relay

 
  

Financial institutions are increasingly becoming the target of complex cyberattacks. As a result, more and more firms are being compromised and unintentionally participating in fraudulent activities.

Below are 4 Best Practices for Due Diligence:

  1. Perform pre and post-contract due diligence on vendors. Because many vendors have access to sensitive information, firms must manage cybersecurity risk exposures that arise from these relationships. In principle, firms should avoid using vendors whose security standards do not meet those of the firm. Specific controls must be in place to govern security concerns of the vendor’s products, services, infrastructure, sub-contractors and business recovery practices.
  2. Establish appropriate contractual terms.
    It is important for firms to establish language to manage vendor relationships.  Standard contract language typically includes:
    1. Confidentiality and non-disclosure agreements
    2. Data storage and retention
    3. Breach notifications
    4. Right-to-audit clauses
    5. Vendor employee access limitations
    6. Use of subcontractors – and the controls needed for the use of subcontractors.
  3. Include vendors in ongoing risk assessments.
    Vendor systems and processes should be included in a firm’s overall risk assessment process, including being scored and analyzed just like any other in-house system.
  4. Define vendor access termination procedures.
    When the relationship with the vendor ends, a clear process should be defined that allows for protection of the firm’s data and its removal from the vendor’s system. Documentation concerning the data removal process and vendor access termination should also be included.

Cyber security is a significant risk faced by broker-dealers today that will likely grow in priority and importance in the coming years.  By addressing the challenges that cyber security creates, firms can identify vulnerabilities and take the measures needed to minimize the impact of cyberattacks. 

To find out more about Global Relay’s security controls, and the measures we take to protect customer data, please click here!

Submit a Comment

Stay up to date

Global-Relay-Logo_RGB-White-Red

Global Relay is the leading provider of cloud archiving, compliance, information governance and eDiscovery solutions for the global financial sector and other highly regulated industries. Global Relay delivers services to over 23,000 customers in 90 countries, including 22 of the top 25 banks. Global Relay Archive supports email, IM, Bloomberg®, Refinitiv, social media, mobile messaging and more - with mobile, Outlook and web access.

Important Links
phone.svg

866.484.6630
email.svg

info@globalrelay.net
address.svg
286 Madison Avenue, 7th Floor
New York, NY 10017
Copyright @2010-2020. All Right Reserved.