Third-Party Risk and the NY DFS 23 NYCRR 500
The NY DFS developed 23 NYCRR 500 to address cybersecurity threats and to promote the protection of both customer information and regulated entities’ information technology systems. Section 500.11 applies specifically to third-party risk management. Vendorpedia enables financial entities like yours to execute the third-party risk requirements of the law and maintain records for compliance.
Compliance with NY DFS 23 NYCRR 500 requires robust third-party service provider security policies and procedures. Vendorpedia operationalizes your third-party risk management program, enabling your organization to implement third-party risk policies consistently across teams and to automate procedures in the process. Configure workflows to standardize operations across stakeholders, all while streamlining communication and maintaining an exportable audit trail for compliance.
Knowing the third-party service providers in use and the risk they pose is critical to compliance, especially for financial organizations. With Vendorpedia, organize all your service providers in a central inventory, and then conduct risk assessments on them as required by 23 NYCRR 500.
Your third-party service providers should meet the same cybersecurity standards that you implement internally. Vendorpedia Assessments and Due Diligence, combined with the Global Risk Exchange, offer automated methods to assess third parties for compliance under 23 NYCRR 500. For instance, vet third-party service providers’ policies and procedures for access controls, including their use of multi-factor authentication, and for encryption. Execute the assessment, review, and reporting all through a simple user interface.
NY DFS 23 NYCRR 500 requires periodic assessments of your third-party service providers. Reduce manual processes with Vendorpedia by configuring automation rules and triggers to automate reassessments. Additionally, link your third-party service provider to its profile within the Global Risk Exchange, and Vendorpedia will automatically monitor third-party risks over time.
Is your organization a covered entity under NY DFS 23 NYCRR 500? See How Vendorpedia Can Help
Managing Third-Party Risks Under NY DFS 23 NYCRR 500 with Vendorpedia
Track key contractual protections relating to third-party service providers to ensure that they meet minimum cybersecurity practices
Evaluate the adequacy of cybersecurity practices and assess the risks posed by third-party service providers
Develop an incident response plan and hold service providers accountable to their contractual notification requirements