Vendor Management & Due Diligence

Vendor Management & Due Diligence Requests

Online Data Exchange, LLC (OLDE) operates the e-OSCAR System for consumer reporting agencies (“CRAs”) and credit providers/data furnishers (“Users”) to facilitate the resolution of disputes about the accuracy and completeness of consumer information.  The e-OSCAR service is a regulatory-mandated service to enable CRAs and Data Furnishers to comply with Fair Credit Reporting Act requirements.   

The e-OSCAR team recognizes that many Users have strict vendor management protocols in place. Our team fully supports those efforts, and has implemented a rigorous internal process for maintaining and providing appropriate documentation to Data Furnishers upon request. We will provide two core sets of information to Users upon formal receipt of the same. 

• Business Information Package

• Due Diligence (Security) Package

Unless contractually bound to do so, OLDE does not respond to proprietary questionnaires.  We may consider completion of some questionnaires in unique situations, however, any effort to complete questionnaires by OLDE will be based upon our internal capacity alone.  We do charge an hourly rate for the completion of any documentation outside of our standard Packages.

Per section 10.2 of the e-OSCAR Terms of Use, OLDE requires a Non-Disclosure Agreement be executed by all Users prior to our release of any Due Diligence (Security) Package or documentation.

In order to access and view our Vendor Management &/or Due Diligence (Security) documentation, you must be a registered user of the e-OSCAR Learning Management System. You may access the e-OSCAR LMS (HERE).  Subsequent to your request for information, we will send an email indicating that the appropriate documentation has been made available to you within the e-OSCAR LMS.

Should you determine that additional information is needed once your review of the Compliance Information Package and Business Information Package is complete, we will (upon request and on a first come, first served basis) open our data room to you allowing the review of documentation that cannot be shared in the previously distributed packages. OLDE provides a standard set of documents in the data room (this evidence is a compilation of evidence requested from multiple previous in person audits and that are typically required to complete a successful audit). Users will be provided 2 weeks to access the data room to review all evidence needed.

If it is determined that there may be additional information needed to clear a finding, OLDE will schedule a meeting with you (the DF), the vendor that will need to present the remaining evidence and OLDE. This will come at a charge of $250.00 per hour with a minimum of 2 hours for the call. OLDE will request that you provide a list of all outstanding items that will need to be reviewed no later than 2 weeks prior to the scheduled meeting in order to allow our vendors and our internal parties time to prepare and estimate how long the meeting will need to be.

Business Information Package

The e-OSCAR Business Information Package can be released to Users upon request, and generally includes the following materials:

• OLDE Business Management Letter

• OLDE Business Tax Receipt

• OLDE Certificate of Insurance

• OLDE Independent Auditor's Report

• OLDE Privacy Policy

• OLDE W-9

Per OLDE policy, we do not release additional financial information.  OLDE is a non-public company established in 2006 by the Consumer Reporting Agencies (Equifax, Experian, Innovis and TransUnion) for the purpose of operating the e-OSCAR platform. OLDE has been continuously owned and sufficiently capitalized by the Consumer Reporting Agencies since its inception to ensure its ongoing operations. 

Due Diligence (Security) Package

The e-OSCAR Due Diligence (Security) Package will be released to Users only upon receipt of an executed Non-Disclosure Agreement, and generally includes the following materials:

• OLDE Compliance Management Letter - provides information about OLDE, the e-OSCAR System, affiliated organizations, and strategic partner (subcontractor) relationships

• OLDE Written Information Security  Policy

• OLDE DR Exercise Plan & Results Summary

• OLDE high level network diagram

• OLDE Application & Network Penetration Tests

• OLDE and key partner SOC and SIG documentation 

Please note that if there are User requested artifacts or evidence that are not included within our Due Diligence Package, those items will only be made available through an in-person or virtual on-site assessment.

Submitting a Request for Information

In order to obtain any Vendor Management or Due Diligence information, Users must:

• Submit a request via email to the e-OSCAR Help Desk (HERE), detailing the package type sought and including the name of the User company, the appropriate e-OSCAR Registration Number (account number) and the name of the User company's Registration Administrator

• Electronically execute the e-OSCAR Non-Disclosure Agreement

Please note that according to the e-OSCAR Terms of Use, our Non-Disclosure Agreement is standard.  We do not allow for any redlines or changes to our Non-Disclosure Agreement.  

We further do not accommodate requests to execute User company confidentiality agreements.  

As indicated in section 10.2 of the System Terms of Use , it is a requirement for Data Furnishers to sign OLDE’s User Nondisclosure agreement in order to share OLDE and its subcontractor’s security documents. Please note that OLDE’s NDA is applicable to the e-OSCAR System, OLDE, and OLDE’s subcontractor information. Shared information includes information about the security features, controls, and practices of the e-OSCAR system shared with Data Furnishers by OLDE.

Frequently Asked Questions