Vendor Due Diligence

RiskScout is composed of senior staff who have decades of financial institution experience covering security, compliance and confidentiality. We enable FIs to scale and execute their compliance programs for their business customer data. We take security and compliance very seriously.

 

RiskScout is a SOC2 - Type 1 certified organization. Our Vendor Due Diligence package is available to our customers and prospects upon request.


 

 

 

 

 

 

 

 

 

 

Corporate Requirements

  • RiskScout maintains extensive insurance coverage including Liability, E&O, D&O, Cyber, Crime and Workers Comp.

  • RiskScout is a Delaware corporation with board oversight.

  • RiskScout maintains clear terms and conditions and privacy policies

 

Security

  • RiskScout secures sensitive data at rest and transit with commonly accepted encryption standards.

  • RiskScout conducts regular penetration testing and corrects any issues found immediately.

  • RiskScout maintains an open bounty program with the public.

  • RiskScout maintains hard disk encryption for every device working with sensitive data.

 

Access Management

  • RiskScout requires formal agreements and policies for all employees and contractors who perform work for the company.

  • RiskScout has comprehensive onboarding and offboarding policies that include logical and physical access appropriate to the role.

 

Disaster Recovery

  • RiskScout replicates backup and log data across multiple geographically dispersed data centers within the United States

 

Vendor Management

  • RiskScout requires all critical vendors to abide by equivalent compliance, security and procedures.

Please contact your sales representative or support@riskscout.com for additional questions.