Like many companies, investment managers require a wide range of third-party vendor-provided products and services to manage their daily operations. These vendors have varying levels of access to sensitive data, and policies are needed to reduce the cybersecurity risks that third-party vendors present. It is critical to have comprehensive contract provisions in place to reduce the risk that sensitive data of the managers and their investors will be stolen or inadvertently disclosed by or through third-party vendors. In addition, investment managers should be in compliance with the financial regulators’ expectations regarding vendor management.
Click here to read this article, in which SRZ partner Robert R. Kiesel discusses key issues in managing third-party vendors and provides sample data security-related vendor contract provisions.