Cyber Security Assessment Services

Cyber Security Assessment Services

Assessment Questionnaires

Vendor Scorecard

SOC2 / SPARK Data Security Reports

Ongoing Monitoring

Vendor Background Analysis Risk Score

Data Repository

FINRA Disciplinary Actions Review

Risk Dashboard

Schedule a Call With Us

Click below to ask additional questions or schedule a call with us.

Learn more about how our outsourced cybersecurity services can help you

Vendor Identification and Hand-off

Modevity will work with Client to Identify Cloud Based service providers with access to Personally Identifiable and client financial data. We will collect the list of their vendors including DUNS and EIN number and contact information for surveys.

Configure Client Specific Questionnaire

We maintain a database of over 1,200 questions that can be combined for most any compliance need including a focus on cyber security. Starting with Modevity’s existing Client Questionnaire and Client’s standard Questionnaire, if any, a custom Questionnaire is created, reviewed, and approved. Optionally, we can utilize SIG or SIG Lite standard questionnaires at client option. The SIG fee is handled as a pass-through expense with no Modevity mark-up however there is an additional fee for ongoing processing related to the SIG Questionnaire.

Distribute Annual Vendor Questionnaire

All Client Vendors will receive the annual Client Branded, web-based questionnaire chosen by the client. We will track receipt of all questionnaires and follow-up two times by email with non-compliant vendors. Finally, for non-compliant vendors, two additional phone calls are made to attempt to achieve vendor compliance.

SOC2 and SPARK Data Security Report Review

We will request annually from All Client Service Providers the Industry Standard SOC2 report as well as SPARK Data Security Report. This report is completed by the Service Providers’ Auditing firm such as Deloitte or PWC. We review these reports for completeness and exceptions.

Vendor Background Risk Scoring

Modevity will provide Client to create a custom Risk Profile and scoring template to highlight just the risks most important to Client and create Risk Ratings most relevant to their mission. All Vendors are then screened against leading global data platform technologies such as TR Clear / Risk Inform and preliminary results created. Vendors showing significant risk elements resulting from initial screen are identified in a report to client for decision on potential deeper investigation.

Vendor Score Card

All Scoring and Public Record data collected by Modevity will be incorporated into a final annual Vendor Scorecard for each Vendor.

Vendor Dashboard

Modevity will provide Cloud Based Dashboard showing the progress and results of the Cybersecurity Risk Assessment process.

Data Repository

Modevity will provide and maintain a Cloud Based Data Repository for all scoring and source data.

Vendor Alert Process

All vendors are continuously monitored for Cyber Breaches, changes in ownership, adverse media, and similar issues. Any issues surfaced are triaged daily and, if necessary, brought to the client’s attention.

Potential New Vendor Evaluations

Any potential new Vendor will be run through this process as a part of the Client’s formal or informal RFP process.

In-Depth Vendor Due Diligence Review Process - Optional

Any existing or new vendor in any Risk category can be examined at a deeper level at the Client’s request at any time at an additional cost. This deeper analysis utilizes all of our data sources including social and public media and results in a full investigative report on the vendor.


The Department of Labor Guidance regarding Plan Sponsors’ fiduciary responsibilities, maintains that plan sponsors should survey their key vendors to ensure they are acting in accordance with the best practices the DOL has identified.

Potential vendors to survey and monitor can include recordkeepers of PII, ePHI and/or other sensitive and confidential data and information related to the plan (e.g., financial information).

Assets or Data Stored in a Cloud or Managed by a Third-Party Service Provider are Subject to Appropriate Security Reviews and Independent Security Assessments

Modevity, LLC is listed in the FINRA Compliance Vendor Directory.

Why you may need to implement


Cloud computing presents many unique security issues and challenges. Modevity helps you maintain Department of Labor guideline compliance by leveraging industry standard tools and practices.

 In the cloud, data is stored with a third-party provider and accessed over the internet. This means visibility and control over that data is limited. Organizations must understand the security posture of the cloud service provider in order to make sound decisions on using the service.


 Learn more about how our outsourced cyber security services can help you

Fully Outsourced

Reduce Cost, Modevity analysts become a seamless extension to your team without employee overhead, benefits, and costs. In addition, we streamline processes and reduce costs while improving efficiency

Save Time

Increase Quality

Monitor Progress

With Program Dashboard and easy Access to All Program Data

Best practices include

– Requiring a risk assessment of third-party service providers.

– Defining minimum cybersecurity practices for third party service providers.

– Periodically assessing third party service providers based on potential risks.

Ensuring that guidelines and contractual protections at minimum address the following:

  • The Third-Party service provider’s access control policies and procedures including the use of multi-factor authentication.
  • The Third-Party service provider’s encryption policies and procedures.
  • The Third-Party service provider’s notification protocol for a cybersecurity event which directly impacts a customer’s information system(s) or nonpublic information.

Trusted partner since 2004.

Quick Links

Get the latest news & updates

Copyright © 2022 All rights reserved.