CHECKLIST

Key Issues

• □ Definitions

• □ Risk of contracting

Vendor Due Diligence

• □ Put vendors on notice

• □ Security standards

  • – Gramm–Leach–Bliley

  • – HIPAA Security Rule/HITECH Act

  • – FFIEC Guidance

  • – States

  • – Federal Trade Commission

• □ Diligence should cover:

  • – Criminal convictions

  • – Litigation

  • – – Regulatory and enforcement

  • – Breaches of security

  • – Breaches of health information

  • – Adverse audits

  • – Use of parties outside the United States

• □ Standardized questionnaire

  • – Corporate responsibility

  • – Insurance coverage

  • – Financial condition

  • – Personnel practices

  • – Information security policies

  • – Physical security

  • – Logical security

  • – Disaster recovery ...