Are You Overseeing Your Third-Party Vendors?

Nearly two-thirds of data breaches that companies experienced occurred via lax third-party security systems.

Make sure the terms and conditions in your service provider agreements align with the requirements of the Safeguards Rule.

5/9/2023 12:00 P.M.

Because many vendors connect to internal organizational systems—and therefore connect to sensitive employee and customer information—third parties can be a serious risk to data breaches. The Ponemon Institute found that nearly two-thirds of data breaches that companies experienced occurred via lax third-party security systems.

The Federal Trade Commission issued the “Final Rule” to amend the Standards for Safeguarding Customer Information (Safeguards Rule), with the requirements coming into effect on June 9, 2023.

The FTC’s Safeguards Rule requires financial institutions, including banks and other organizations that handle sensitive customer information, to have a comprehensive information security program in place.

This includes managing and overseeing third-party vendors that have access to customer information. The rule requires that financial institutions take reasonable steps to ensure third-party vendors protect customer information in their custody or control.

It states specifically: “When a vendor accesses the financial institution’s data or information systems, the financial institution must ensure appropriate access controls are in place. Separately, under paragraph (f), the financial institution must reasonably oversee the vendor’s safeguards, which would necessarily include access controls for the vendor’s system.”

Specifically, you should:

  • Evaluate the safeguards used by third-party vendors to protect customer information.
  • Require third-party vendors to implement appropriate safeguards to protect customer information.
  • Monitor and regularly review the safeguards used by third-party vendors.
  • Take appropriate action if a third-party vendor does not comply with the safeguarding of customer information.

If this seems overwhelming, TPx can help. We can review the terms and conditions of your third-party service providers to make sure they align with the requirements of the rule. Go to to get started

If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.




Training Zone
One moment please...

Share Profile

This site uses cookies. By continuing to use our site, you are agreeing to our use of cookies. Review our Privacy Policy for more information. You may change your preferences on how cookies are stored by reviewing the settings on your browser.

The content on this site is presented for educational, general reference, and informational purposes only; is not intended to serve as legal or other advice; is not intended to be a full and exhaustive explanation of the law in any area; and should not replace the advice of your own legal counsel. By continuing to use our site, you are agreeing to the legal disclaimers in our Terms of Use. Review our Terms of Use for more information.

Friendly Reminder

Get continued access to ACA International’s wide array of resources, which can help you become more profitable, compliant and successful.

Renew your membership today to take advantage of tools you won’t find anywhere else:

  • Discounts on seminars, products, services and events
  • Resources to strengthen your compliance department
  • Industry-specific risk management products and services
  • Participation in ACA’s online community, The Hub
    Members-only website content
  • Professional development and training opportunities, and so much more!

If you have completed your renewal, please disregard this reminder.