Cyber Security Assessment Services
Assessment Questionnaires
Vendor Scorecard
SOC2 / SPARK Data Security Reports
Ongoing Monitoring
Vendor Background Analysis Risk Score
Data Repository
FINRA Disciplinary Actions Review
Risk Dashboard
Schedule a Call With Us
Click below to ask additional questions or schedule a call with us.
MODEVITY SERVICE PROVIDER RISK ASSESSMENT & REPORTING PROCESS
Learn more about how our outsourced cybersecurity services can help you
Vendor Identification and Hand-off
Configure Client Specific Questionnaire
Distribute Annual Vendor Questionnaire
SOC2 and SPARK Data Security Report Review
Vendor Background Risk Scoring
Vendor Score Card
Vendor Dashboard
Data Repository
Vendor Alert Process
Potential New Vendor Evaluations
In-Depth Vendor Due Diligence Review Process - Optional
WHY CYBERSECURITY FOR PLAN SPONSORS?
The Department of Labor Guidance regarding Plan Sponsors’ fiduciary responsibilities, maintains that plan sponsors should survey their key vendors to ensure they are acting in accordance with the best practices the DOL has identified.
Potential vendors to survey and monitor can include recordkeepers of PII, ePHI and/or other sensitive and confidential data and information related to the plan (e.g., financial information).
Assets or Data Stored in a Cloud or Managed by a Third-Party Service Provider are Subject to Appropriate Security Reviews and Independent Security Assessments
Modevity, LLC is listed in the FINRA Compliance Vendor Directory.
ADDITIONAL LINKS
Department of Labor’s Cyber Security Guidance for Plan Sponsors
- https://www.dol.gov/newsroom/releases/ebsa/ebsa20210414
- https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/best-
- practices.pdfhttps://www.dol.gov/sites/dolgov/files/ebsa/about-ebsa/our-activities/resource-center/publications/meeting-your-fiduciary-responsibilities.pdf
Why you may need to implement
Cloud computing presents many unique security issues and challenges. Modevity helps you maintain Department of Labor guideline compliance by leveraging industry standard tools and practices.
In the cloud, data is stored with a third-party provider and accessed over the internet. This means visibility and control over that data is limited. Organizations must understand the security posture of the cloud service provider in order to make sound decisions on using the service.
BENEFITS OF CYBER SECURITY ASSESSMENT SERVICES
Learn more about how our outsourced cyber security services can help you
Fully Outsourced
Save Time
Monitor Progress
Best practices include
– Requiring a risk assessment of third-party service providers.
– Defining minimum cybersecurity practices for third party service providers.
– Periodically assessing third party service providers based on potential risks.
– Ensuring that guidelines and contractual protections at minimum address the following:
- The Third-Party service provider’s access control policies and procedures including the use of multi-factor authentication.
- The Third-Party service provider’s encryption policies and procedures.
The Third-Party service provider’s notification protocol for a cybersecurity event which directly impacts a customer’s information system(s) or nonpublic information.