3rd party vendor Due Diligence:
- How often the vendor has experienced Cybersecurity incidents in the past, the severity of those incidents, and the quality of the vendor’s response Whether the vendor maintains Cybersecurity policies
- Organizational considerations, such as whether the vendor maintains sufficient and appropriately trained personnel to protect the data
- Encryption practices
- The vendor’s policies regarding the secondary use of customer data