Page 130 - NovDefComp

DOL 6 tips for hiring a service provider with strong cybersecurity practices






Each DOL tip is followed by Empower's corresponding item.

1. DOL: Security standards, practices and policies
   Empower: NIST 800-53

2. DOL: Validation, implementation and compliance of security practices
   Empower:
   • AICPA SOC 2 Type II – compliance reports
   • Verizon Certification 11 years – security testing
   • Penetration testing
   • Dark web monitoring
   • Development code testing

3. DOL: Evaluate the service provider’s track record in the industry
   Empower:
   • Plan Advisor: #1 Value for Price (9 years in a row)
   • Plan Advisor: #1 Overall Service (4 years in a row)
   • Fund Intelligence: 2020 Retirement Leader of the Year
   • Plan Sponsor: #1 Best-in-Class cups with 89 awards
   • Plan Sponsor: 4 Service Commendations

4. DOL: Service provider response to past security breaches if applicable
   Empower: Empower has not had a breach

5. DOL: Insurance policies that would cover losses caused by cybersecurity and identity theft breaches
   Empower: Cyber liability insurance + Security Guarantee

6. DOL: Service agreements that document ongoing compliance with cybersecurity and information security standards
   Empower: SOC 2 Type II, Verizon Certification, Data Security and Privacy Addendum








             FOR PLAN SPONSOR OR FINANCIAL PROFESSIONAL USE ONLY.