Your data is only as secure as your third-party providers

Tips on vetting vendors that access your members’ sensitive information

January 6, 2022 by Glenn Harrison and Lisa Hochgraf, CU Management

Your reputation as a reliable steward of your members’ personal financial information today doesn’t rely solely on your internal data security program—your reputation also relies on any third parties you give access to this data.

We asked for advice about vetting third-party firms from two common types of credit union vendors: Allied Solutions, a lending and risk management services provider, and IDology, an identity verification solutions company.

Conversation and Documentation

Before delving into IT infrastructure and specifications, any good audit begins with simple conversations, says Josh Gideon, manager/audit and compliance for insurance solutions provider Allied Solutions, a CUES Supplier member based in Carmel, Indiana. He recommends starting audits by asking for the vendor’s data security policies and procedures. “You’re being graded based on what you say you’re doing,” he explains. “The auditors say, ‘Tell me what you say you’re doing, and then I’m going to test this to verify that you’re doing what you say you’re doing.’”

Your data is only as secure as your third-party providers

Tips on vetting vendors that access your members’ sensitive information

Conversation and Documentation

Featured

Tax Day has come and gone: What now?

Behind the buzz: How credit unions are targeting 3x deposit growth in 2024

Women in leadership positions in credit unions: Dare to be number one

The CUInsight Experience podcast: Hector Martin – Future vision (#183)

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!