What is a Third Party Service Provider Security Policy?
23 NYCRR 500 requires Covered Entities to implement a Third Party Service Provider Security Policy in Section 11. In reality, there is more to the requirement than simply crafting a policy. There are several other requirements Covered Entities must contend with in relation to Third Party Service Providers: Identification and initial risk assessment of third…