Page 131 - NovDefComp
DOL 6 tips for hiring a service provider with strong cybersecurity practices

DOL tip, with Empower's response:

1. Security standards, practices and policies
   Empower:
   • NIST 800-53
   • AICPA SOC 2 Type II – compliance reports
   • Verizon Certification 11 years – security testing

2. Validation, implementation and compliance of security practices
   Empower:
   • Penetration testing
   • Dark web monitoring
   • Development code testing

3. Evaluate the service provider’s track record in the industry
   Empower:
   • Plan Advisor: #1 Value for Price (9 years in a row)
   • Plan Advisor: #1 Overall Service (4 years in a row)
   • Fund Intelligence: 2020 Retirement Leader of the Year
   • Plan Sponsor: #1 Best-in-Class cups with 89 awards
   • Plan Sponsor: 4 Service Commendations

4. Service provider response to past security breaches if applicable
   Empower:
   • Empower has not had a breach

5. Insurance policies that would cover losses caused by cybersecurity and identity theft breaches
   Empower:
   • Cyber liability insurance + Security Guarantee

6. Service agreements that document ongoing compliance with cybersecurity and information security standards
   Empower:
   • SOC 2 Type II, Verizon Certification, Data Security and Privacy Addendum

FOR PLAN SPONSOR OR FINANCIAL PROFESSIONAL USE ONLY.

