NY DFS Part 500 requires covered entities to implement written policies for third-party service provider security, assess cybersecurity practices of providers with system or data access, include cybersecurity contractual requirements in service agreements, require notification in the event of a provider incident, and conduct annual review of third-party access and permissions.
Keep Exploring