Regulations

  • 1.  CCPA

    This message was posted by a user wishing to remain anonymous
    Posted 10-07-2025 09:47 AM

    With the new CCPA regulation that now requires credit unions to conduct annual cybersecurity audits, Vendor Management/Third Party Risk Management will also be responsible for "overseeing service providers and third parties to ensure they also comply with cybersecurity standards."

    How is everyone preparing to address this? Would cybersecurity questions that are embedded within annual security questionnaires be sufficient? And besides contractual language, what else could we do to provide proof of oversight?

    Thanks in advance for any insights!



    -------------------------------------------


  • 2.  RE: CCPA

    This message was posted by a user wishing to remain anonymous
    Posted 10-07-2025 12:21 PM


    We are currently in the middle of an NCUA audit, and the required documentation regarding cyber security is:

    Documentation demonstrating contracts with critical service providers address the timely notification of cyber incidents.



  • 3.  RE: CCPA

    Posted 10-07-2025 01:44 PM

    Most of the time, if the supplier has access to your data, the contract includes something like this. Days can be changed based on your risk appetite.