So often we hear about regulatory compliance considerations governing cybersecurity. But what about considerations from a legal perspective? How do your vendors, who may not be subject to Regulation S-P and Regulation S-ID, help ensure they have adequate safeguards when servicing your firm? This month’s legal tip will focus on areas that we find are often overlooked within financial organizations’ cybersecurity program. This includes contractual provisions to look for and request from vendors, due diligence questions to pose to service providers who have access to non-public information and information needed by counsel to respond to a cyber incident.