Skip to main content
cyber-security-lock-with-password-83GGZDD.jpg

Vendor Management & Due Diligence

Vendor Management & Due Diligence Requests

 

Online Data Exchange, LLC (OLDE) operates the e-OSCAR System for consumer reporting agencies (“CRAs”) and credit providers/data furnishers (“Users”) to facilitate the resolution of disputes about the accuracy and completeness of consumer information.  The e-OSCAR service is a regulatory-mandated service to enable CRAs and Data Furnishers to comply with Fair Credit Reporting Act requirements.   

The e-OSCAR team recognizes that many Users have strict vendor management protocols in place. Our team fully supports those efforts, and has implemented a rigorous internal process for maintaining and providing appropriate documentation to Data Furnishers upon request. We will provide two core sets of information to Users upon formal receipt of the same. 

  • Business Information Package

  • Due Diligence (Security) Package

Unless contractually bound to do so, OLDE does not typically respond to proprietary questionnaires.  We may consider completion of some questionnaires in unique situations, however, any effort to complete questionnaires by OLDE will be based upon our internal capacity alone.  We do charge an hourly rate for the completion of any documentation outside of our standard Packages.

Per section 10.2 of the e-OSCAR Terms of Use, OLDE requires a Non-Disclosure Agreement be executed by all Users prior to our release of any Due Diligence (Security) Package or documentation.

In order to access and view our Vendor Management &/or Due Diligence (Security) documentation, you must be a registered user of the e-OSCAR Learning Management System. You may access the e-OSCAR LMS (HERE).  Subsequent to your request for information, we will send an email indicating that the appropriate documentation has been made available to you within the e-OSCAR LMS.

Should you determine that additional information is needed once your review of the Compliance Information Package and Business Information Package is complete, we will (upon request and on a first come, first served basis) open our data room to you allowing the review of documentation that cannot be shared in the previously distributed packages. OLDE provides a standard set of documents in the data room (this evidence is a compilation of evidence requested from multiple previous in person audits and that are typically required to complete a successful audit). Users will be provided 2 weeks to access the data room to review all evidence needed.

If it is determined that there may be additional information needed to clear a finding, OLDE will schedule a meeting with you (the DF), the vendor that will need to present the remaining evidence and OLDE. This will come at a charge of $250.00 per hour with a minimum of 2 hours for the call. OLDE will request that you provide a list of all outstanding items that will need to be reviewed no later than 2 weeks prior to the scheduled meeting in order to allow our vendors and our internal parties time to prepare and estimate how long the meeting will need to be.

 

 

Business Information Package

The e-OSCAR Business Information Package can be released to Users upon request, and generally includes the following materials:

  • OLDE Business Management Letter

  • OLDE Business Tax Receipt

  • OLDE Certificate of Insurance

  • OLDE Independent Auditor's Report

  • OLDE Privacy Policy

  • OLDE W-9

Per OLDE policy, we do not release additional financial information.  OLDE is a non-public company established in 2006 by the Consumer Reporting Agencies (Equifax, Experian, Innovis and TransUnion) for the purpose of operating the e-OSCAR platform. OLDE has been continuously owned and sufficiently capitalized by the Consumer Reporting Agencies since its inception to ensure its ongoing operations. 

Due Diligence (Security) Package

The e-OSCAR Due Diligence (Security) Package will be released to Users only upon receipt of an executed Non-Disclosure Agreement, and generally includes the following materials:

  • OLDE Compliance Management Letter - provides information about OLDE, the e-OSCAR System, affiliated organizations, and strategic partner (subcontractor) relationships

  • OLDE Written Information Security  Policy

  • OLDE DR Exercise Plan & Results Summary

  • OLDE high level network diagram

  • OLDE Application & Network Penetration Tests

  • OLDE and key partner SOC and SIG documentation 

Please note that if there are User requested artifacts or evidence that are not included within our Due Diligence Package, those items will only be made available through an in-person or virtual on-site assessment.

 

 

Submitting a Request for Information

In order to obtain any Vendor Management or Due Diligence information, Users must:

  • Submit a request via email to the e-OSCAR Help Desk (HERE), detailing the package type sought and including the name of the User company, the appropriate e-OSCAR Registration Number (account number) and the name of the User company's Registration Administrator

  • Electronically execute the e-OSCAR Non-Disclosure Agreement

Please note that according to the e-OSCAR Terms of Use, our Non-Disclosure Agreement is standard.  We do not allow for any redlines or changes to our Non-Disclosure Agreement.  

We further do not accommodate requests to execute User company confidentiality agreements.  

As indicated in section 10.2 of the System Terms of Use , it is a requirement for Data Furnishers to sign OLDE’s User Nondisclosure agreement in order to share OLDE and its subcontractor’s security documents. Please note that OLDE’s NDA is applicable to the e-OSCAR System, OLDE, and OLDE’s subcontractor information. Shared information includes information about the security features, controls, and practices of the e-OSCAR system shared with Data Furnishers by OLDE.

Frequently Asked Questions 

We clearly understand that vendor due diligence is a critical function for all Financial Institutions and are keenly aware of the requirements placed on Financial Institutions by various regulatory bodies with respect to third party vendor management.  In fact, our due diligence materials are purposefully aligned to assist in the completion of this due diligence.  That being said, we do not have capacity to complete proprietary questionnaires for firms, and therefore we have made a business decision that unless we are contractually bound to do so, we will generally decline.  Our general Terms of Use do not mandate that we complete questionnaires.  

We recommend that you review our provided materials against your questionnaires.  We trust that the vast majority of your questions will be answered. If there are gaps subsequent to that review, please contact us so that we can partner with you and provide the correct information.

Per the e-OSCAR Terms of Use, the OLDE NDA is standard and does not allow for any changes.  We kindly ask that you execute the NDA previously provided in order to receive the requested security documents. 

Unfortunately, we are not in a position to accommodate requests to execute confidentiality agreements submitted by Data Furnishers. As the industry standard for submitting ACDVs and AUDs electronically to the Credit Reporting Agencies, we must maintain a consistent NDA process across all our registered organizations. As indicated in section 10.2 of the System Terms of Use, it is a requirement for Data Furnishers to sign OLDE’s User Nondisclosure agreement in order to share OLDE and its subcontractor’s security documents.

Please note that OLDE’s NDA is applicable to the e-OSCAR System, OLDE, and OLDE’s subcontractor information. Shared information includes information about the security features, controls, and practices of the e-OSCAR system shared with Data Furnishers by OLDE.

We will happily send our NDA to you for physical execution.  Please have the appropriate officer complete and sign the attached e-OSCAR Non-Disclosure Agreement.  Once the signed NDA is received, we will forward the requested information.

Online Data Exchange LLC provides your company with access to an automated system for the resolution of consumer credit report disputes (the “e-OSCAR System”).  The e-OSCAR system is a subscription-based application provided to you by Online Data Exchange LLC. Use of the e-OSCAR System is governed by the Terms of Use (TOU).  This is a click-through Agreement accepted upon registration with e-OSCAR. The person that registered your organization accepted the Terms of Use during the registration process. Terms of Use documentation is available HERE.

The most recent Independent Auditors’ Report of OLDE financials is provided upon request to current Data Furnisher customers.  Per OLDE policy, we do not release additional financial information.  OLDE is a non-public company established in 2006 by the Consumer Reporting Agencies (Equifax, Experian, Innovis and TransUnion) for the purpose of operating the e-OSCAR platform. OLDE has been continuously owned and sufficiently capitalized by the Consumer Reporting Agencies since its inception to ensure its ongoing operations.

Online Data Exchange LLC does not share financial information with rating agencies.

Questions?

Contact the e-OSCAR Help Desk at (866) MY OSCAR or (866) 696-7227
Monday - Friday, 8am - 6pm ET