Sample Written Outsourced Third Party Risk Management Program


Document description:

This document provides a comprehensive written Program that may be customized to meet the institution’s internal environment. A written Information and Cyber Security Risk Management Program should contain an executive summary of all the components making up the security and control practices in place for protecting nonpublic customer information to meet GLBA requirements. The Program addresses all the requirements for a written Information Security Program and includes wording to address Cyber Security awareness.

The Program template includes:

  • Program Overview
  • Program Statement
  • Scope
  • Objectives
  • Roles and Responsibilities
  • Risk Assessment Process
  • Risk Management
    • Key Controls
    • Destruction and Disposal of NPI
    • Insurance Coverage
    • Testing
    • Training
    • BCP
    • Incident Response
    • Outsourced Third Party Management
    • Acceptable Use Program
    • Technology Program
    • Record and Electronic Communications Retention
    • IT Strategic Plan
  • Reporting
  • Adjusting the Program

This document is only $95.00.




Susan E. Orr, CISA, CISM, CRP, CRISC


  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Risk Professional (CRP)
  • Certified In Risk & Information System Control (CRISC)