VENDOR MANAGEMENT & DUE DILIGENCE
Request compliance documentation for your vendor review
We provide a standard set of business and security documentation to registered data furnishers.
Before you submit your request - three things you'll need:
Your e-OSCAR Registration ID Number (found on your billing invoice or within the e-OSCAR System under Administration Management / View-Update Registration
The name of your company's e-OSCAR Registration Administrator
A free e-OSCAR University Learning Management System Account. Documents are delivered there, not by email attachment.
How our Vendor Management Process works:
Four steps to get the information you need.
NOTE: Steps 1 and 2 are the most common source of delays.
1
Confirm you have what you need to submit.
Your request cannot be completed without the following. Gather these before submitting - incomplete submissions are returned.
-
Registration ID - the 7-digit account number on your e-OSCAR billing invoice, or visible within the e-OSCAR System under Administration Management / View-Update Registration.
-
Registration Administrator name - the full name of the person listed as your account's Registration Administrator (RA). This must match our records. If you're unsure about who your RA is, check with your account owner or call the e-OSCAR Help Desk before submitting.
-
Package Type - Business Information Package, Compliance Package, or both. See below for what each includes.
2
Create your e-OSCAR University Learning Management System account (if you don't have one).
Documents are delivered through the e-OSCAR University Learning Management System - not by email attachment. If you don't have an account, create one at www.e-oscar-training.org using the enrollment key
EO-[your Registration ID]. For example, if your Registration ID is 1234567, your enrollment key is EO-1234567
3
Submit your request.
Email the e-OSCAR Help Desk at eoscarhelpdesk@newmgtservices.com with subject line Vendor Management Request for Information, and include your Registration ID, Registration Administrator name, and the package(s) you're requesting. Alternatively, submit a ticket through our support portal).
4
Access your documents in the e-OSCAR University Learning Management System.
Once your request is validated, we'll enroll you in the relevant course(s) in the LMS and notify you by email. Documents are available for 14 days from the date of enrollment - after which access expires and a new request is required.
Log in at www.e-oscar-training.org, go to My Courses on your dashboard, and open the Business Information Package &/or Compliance Information Package.
What's in each package
We provide two standard packages. Review the contents before requesting to confirm they cover what your vendor review requires.
Business Information Package
General organizational and financial documentation
OLDE Business Management Letter
OLDE Business Tax Receipt
Certificate of Insurance (COI)
Independent Auditor's Report
W-9
Privacy Policy
Note on financials: Per OLDE policy, additional financial statements beyond the Auditor's Report are not released. OLDE is a non-public company established in 2006 and continuously owned by the four national Consumer Reporting agencies.
Compliance Information Package
Security & compliance documentation
OLDE Compliance Management Letter
Written Information Security Policy
DR Exercise Plan & Results Summary
High-level network diagram
Application & Network Penetration Tests
SOC Documentation (OLDE & key partners)
PCI Attestation of Compliance
Unless we are contractually bound to do so, OLDE DOES NOT complete Data Furnisher provided questionnaires. Our standard Terms of Use do not require us to complete questionnaires.
Need something not in the standard packages?
If your review requires documentation beyond what the standard packages contain, we make additional evidence available through a secure online data room. The process has two tiers depending upon what is needed:
TIER 1
Data room access
Self-serve access to extended documentation not in the standard packages. Available on a first-come, first-served basis.
2-week access window.
TIER 2
Facilitated audit call
For unresolved findings after data room review, OLDE, the relevant vendor(s), and your team could meet on a scheduled call. This approach requires a list of outstanding items at least two weeks in advance.
$250/hour, 2-hour minimum. Requires executed Statement of Work.
