Cybersecurity Third Party Service Provider Statement
Modified on: Fri, 1 Mar, 2019 at 1:41 PM
EZLynx is a “Third Party Service Provider” under 23 NYCRR 500 – “Cybersecurity Requirements for Financial Services Providers” (“NY Cyber Requirements”). This Statement was prepared to assist any customers who are “Covered Entities” under such NY Cyber Requirements. Capitalized terms not otherwise defined in this Statement are defined in the NY Cyber Requirements.
Covered Entity. EZLynx is not a “Covered Entity” and does not file a Certificate of Compliance with the NY Superintendent.
Compliance with Law. EZLynx is in compliance with all applicable U.S. laws.
Cybersecurity Program. EZLynx has a cybersecurity program in place designed to identify and assess internal and external threats to ensure the security and integrity of Non-Public Information stored in the EZLynx One Platform®. EZLynx has implemented security tools to assist in protecting its information systems and Non-Public Information, such as firewalls, intrusion prevention/detection, event/threat monitoring. EZLynx performs vulnerability assessments, internal testing and ongoing monitoring to identify security vulnerabilities.
Access Controls. EZLynx is a multitenancy system, our customers have the responsibility to manage access to its tenancy and monitor who has access to its Nonpublic Information. EZLynx maintains tenancy separation and data security at the infrastructure layer.
Data Centers. Non-Public Information is stored in the United States. EZLynx Data Centers provide EZLynx with SOC 2 audits on an annual basis.
Cyber Insurance. EZLynx purchases cyber insurance that includes incident response services.
Notification. EZLynx will send the notice to Covered Entities who are obligated to notify NYS DFS.
MultiFactor Authentication. Multi-Factor Authentication (“MFA”) is available for all EZLynx accounts. If you would like to enable MFA on your account, please contact support@ezlynx.com.
Encryption. All information is encrypted in transit. Certain sensitive information is encrypted at rest, including an end customer’s driver’s license number, social security number, date of birth and carrier passwords. Any documents uploaded to EZLynx are also encrypted.
Data Deletion. EZLynx will delete customer information upon request when a customer is leaving the EZLynx One Platform®. Certain quoting information is removed from the One Platform every eighteen (18) months. If you have specific deletion requirements while using our system, please contact support@ezlynx.com.
Posted Article: https://www.ezlynx.com/support/cybersecurity/
Did you find it helpful? Yes No
Send feedback