DOL Cybersecurity Audit
Culpepper RFP has the experience and technical skills to assist you in the selection of a DOL cybersecurity audit firm.
We combine DOL, ERISA and cybersecurity expertise to ensure you are able to evaluate service providers for these projects.
Many organizations do not have the internal resources to make an objective and well-informed decision.
Culpepper RFP, LLC assists you in evaluating cybersecurity consultants to complete an audit as outlined by the DOL guidelines.
The DOL best practices cover 12 topic areas for the sponsor and service vendors:
1. Have a formal, well-documented cybersecurity program.
2. Conduct prudent risk assessments.
3. Have a reliable annual third-party audit of security controls.
4. Clearly define and assign information security roles and responsibilities.
5. Have strong access control procedures.
6. Ensure that any assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments.
7. Conduct periodic cybersecurity awareness training.
8. Implement and manage a secure system development life cycle (SDLC) program.
9. Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.
10. Encrypt sensitive data, stored and in transit.
11. Implement strong technical controls in accordance with best security practices.
12. Appropriately respond to any past cybersecurity incidents.
Learn more about the DOL and your Cybersecurity compliance
The DOL issued three guidance documents.
“The committee was extremely pleased with the process, results and education supplied to it. I highly recommend the Culpepper Group to other organizations for similar assignments.”
— ERISA attorney