Skip to main content
cyber-security-lock-with-password-83GGZDD.jpg

Vendor Management & Due Diligence

Vendor Management & Due Diligence Requests

 

Online Data Exchange, LLC (OLDE) operates the e-OSCAR System for consumer reporting agencies (“CRAs”) and credit providers/data furnishers (“Users”) to facilitate the resolution of disputes about the accuracy and completeness of consumer information.  The e-OSCAR service is a regulatory-mandated service to enable CRAs and Data Furnishers to comply with Fair Credit Reporting Act requirements.   

The e-OSCAR team recognizes that many Users have strict vendor management protocols in place. Our team fully supports those efforts, and has implemented a rigorous internal process for maintaining and providing appropriate documentation to Data Furnishers upon request. We will provide two core sets of information to Users upon formal receipt of the same. 

  • Business Information Package

  • Due Diligence (Security) Package

Unless contractually bound to do so, OLDE does not typically respond to proprietary questionnaires.  We may consider completion of some questionnaires in unique situations, however, any effort to complete questionnaires by OLDE will be based upon our internal capacity alone.  We do charge an hourly rate for the completion of any documentation outside of our standard Packages.

Per section 10.2 of the e-OSCAR Terms of Use, OLDE requires a Non-Disclosure Agreement be executed by all Users prior to our release of any Due Diligence (Security) Package or documentation.

In order to access and view our Vendor Management &/or Due Diligence (Security) documentation, you must be a registered user of the e-OSCAR Learning Management System. You may access the e-OSCAR LMS (HERE).  Subsequent to your request for information, we will send an email indicating that the appropriate documentation has been made available to you within the e-OSCAR LMS.

 

 

Business Information Package

The e-OSCAR Business Information Package can be released to Users upon request, and generally includes the following materials:

  • OLDE Business Management Letter

  • OLDE Business Tax Receipt

  • OLDE Certificate of Insurance

  • OLDE Independent Auditor's Report

  • OLDE Privacy Policy

  • OLDE W-9

Per OLDE policy, we do not release additional financial information.  OLDE is a non-public company established in 2006 by the Consumer Reporting Agencies (Equifax, Experian, Innovis and TransUnion) for the purpose of operating the e-OSCAR platform. OLDE has been continuously owned and sufficiently capitalized by the Consumer Reporting Agencies since its inception to ensure its ongoing operations. 

Due Diligence (Security) Package

The e-OSCAR Due Diligence (Security) Package will be released to Users only upon receipt of an executed Non-Disclosure Agreement, and generally includes the following materials:

  • OLDE Compliance Management Letter - provides information about OLDE, the e-OSCAR System, affiliated organizations, and strategic partner (subcontractor) relationships

  • OLDE Written Information Security  Policy

  • OLDE DR Exercise Plan & Results Summary

  • OLDE high level network diagram

  • OLDE Application & Network Penetration Tests

  • OLDE and key partner SOC and SIG documentation 

Please note that if there are User requested artifacts or evidence that are not included within our Due Diligence Package, those items will only be made available through an in-person or virtual on-site assessment.

 

 

Submitting a Request for Information

In order to obtain any Vendor Management or Due Diligence information, Users must:

  • Submit a request via email to the e-OSCAR Help Desk (HERE), detailing the package type sought and including the name of the User company, the appropriate e-OSCAR Registration Number (account number) and the name of the User company's Registration Administrator

  • Electronically execute the e-OSCAR Non-Disclosure Agreement

Please note that according to the e-OSCAR Terms of Use, our Non-Disclosure Agreement is standard.  We do not allow for any redlines or changes to our Non-Disclosure Agreement.  

We further do not accommodate requests to execute User company confidentiality agreements.  

As indicated in section 10.2 of the System Terms of Use , it is a requirement for Data Furnishers to sign OLDE’s User Nondisclosure agreement in order to share OLDE and its subcontractor’s security documents. Please note that OLDE’s NDA is applicable to the e-OSCAR System, OLDE, and OLDE’s subcontractor information. Shared information includes information about the security features, controls, and practices of the e-OSCAR system shared with Data Furnishers by OLDE.

On-Site / Virtual Assessment Schedule

All on-site or virtual assessments must be scheduled in advance, and are subject to an additional fee of $7,500.

Scope and payment of fees must be concluded no later than 45-days prior to the start of any assessment, or we may chose to cancel the assessment.

Potential dates for 2021 On-Site / Virtual Assessments are:

  • First Quarter 2021:  Feb 3-4.  Mar 3-4

  • Second Quarter 2021: Apr 7-8.  May 19-20

  • Third Quarter 2021: Jul 21-22.  Aug 4-5.  Aug 25-26

  • Fourth Quarter 2021: Oct 6-7.  Nov 9-10

Audit Requirements / Notes:

  • Pricing includes OLDE and our Partner pre-audit preparation & post-audit follow-up activities.  

  • OLDE requires a 50% deposit at least 60 days prior to assessment to reserve the assessment date.  Remaining payment must be made at least 30 days prior to assessment.

  • Availability is booked on a first-come, first-served basis.  90 day notice is required.

  • Absolutely no documents may be removed from any facilities unless pre-approved.

  • Data Center tours are available upon request, and for an additional fee.  Subject to scheduling availability.

Questions?

Contact the e-OSCAR Help Desk at (866) MY OSCAR or (866) 696-7227
Monday - Friday, 8am - 6pm ET