Oversight of Service Providers
Each institution must provide oversight by:
- Ensuring service provider has reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft.
- If the Institution engages a service provider to perform an activity in connection with one or more covered accounts, the Institution will:
- Require, by contract, that service providers have such policies and procedures in place; or,
- Require, by contract, that service providers review the Institution's program and report any red flags to the Program Administrator.
See the institutional Identity Theft Prevention Plan for contractual statements and forms.
return to top | previous page | next page