4 Best Practices for Due Diligence

By Global Relay on January 31, 2016

Financial institutions are increasingly becoming the target of complex cyberattacks. As a result, more and more firms are being compromised and unintentionally participating in fraudulent activities.

Below are 4 Best Practices for Due Diligence:

  1. Perform pre- and post-contract due diligence on vendors. Because many vendors have access to sensitive information, firms must manage cybersecurity risk exposures that arise from these relationships. In principle, firms should avoid using vendors whose security standards do not meet those of the firm. Specific controls must be in place to govern security concerns of the vendor’s products, services, infrastructure, sub-contractors and business recovery practices.
  2. Establish appropriate contractual terms.
    It is important for firms to establish language to manage vendor relationships. Standard contract language typically includes:
    1. Confidentiality and non-disclosure agreements
    2. Data storage and retention
    3. Breach notifications
    4. Right-to-audit clauses
    5. Vendor employee access limitations
    6. Use of subcontractors – and the controls needed for the use of subcontractors.
  3. Include vendors in ongoing risk assessments.
    Vendor systems and processes should be included in a firm’s overall risk assessment process, and should be scored and analyzed just like any in-house system.
  4. Define vendor access termination procedures.
    When the relationship with the vendor ends, a clear process should be defined that allows for protection of the firm’s data and its removal from the vendor’s system. Documentation concerning the data removal process and vendor access termination should also be included.

Cybersecurity is a significant risk faced by broker-dealers today that will likely grow in priority and importance in the coming years. By addressing the challenges that cybersecurity creates, firms can identify vulnerabilities and take the measures needed to minimize the impact of cyberattacks.

To find out more about Global Relay’s security controls, and the measures we take to protect customer data, please click here!
