This message was posted by a user wishing to remain anonymous
Hello everyone,
I just recently came across the below request and don't know if or how to begin implementing this request.
We currently use outside servicers for our mortgage loans servicing.
Freddie Mac Annual Eligibility Certification Report Questions -
Guide Section 1302.2(b)(v) will be effective on 01/13/2022 and it says:
Vendor risk management program
Seller/Servicers must implement a vendor risk management program to formally evaluate, track and measure third-party risk; to assess its impact on aspects of the organization's business; and to develop compensating controls or other forms of mitigation to safeguard and protect Freddie Mac's information, data and PPI from unauthorized persons, malicious software or other harmful computer information, commands, codes or programs.
We conduct due diligence on our servicers, but the request is for a privacy risk assessment or audit of third party vendors ability to safe guard NPPI according to the above guide.
Can I request the vendor to provide me with their privacy risk assessment or their audit?