Secure Controls Framework
Download The SCF
NY DFS Part 500

What are NY DFS Part 500 third-party vendor management requirements?

Direct Answer

NY DFS Part 500 requires covered entities to implement written policies for third-party service provider security, assess cybersecurity practices of providers with system or data access, include cybersecurity contractual requirements in service agreements, require notification in the event of a provider incident, and conduct annual review of third-party access and permissions.

Keep Exploring

Relevant Resources

References

Authoritative Sources