DOL Cybersecurity Audit
Culpepper RFP has the experience and technical skills to assist you in the selection of a DOL Cybersecurity Audit Firm.
We combine DOL, ERISA and cybersecurity expertise to ensure you are able to evaluate service providers for these projects.
Many organizations do not have the internal resources to make an objective and well informed decision.
Culpepper RFP, LLC assists you in evaluating cybersecurity consultants to complete an audit as outlined by the DOL guidelines.
The DOL best practices cover 12 topic areas for the sponsor and service vendors:
1. Have a formal, well-documented cybersecurity program.
2. Conduct prudent risk assessments.
3. Have a reliable annual third-party audit of security controls.
4. Clearly define and assign information security roles and responsibilities.
5. Have strong access control procedures.
6. Ensure that any assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments.
7. Conduct periodic cybersecurity awareness training.
8. Implement and manage a secure system development life cycle (SDLC) program.
9. Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.
10. Encrypt sensitive data, stored and in transit.
11. Implement strong technical controls in accordance with best security practices.
12. Appropriately respond to any past cybersecurity incidents.
Learn more about the DOL and your Cybersecurity compliance
The DOL issued three guidance documents.
Frequently Asked Questions
- If you’re the person carrying the responsibility for benefits decisions inside the organization, this will feel familiar. Culpepper RFP supports HR and finance leaders, ERISA counsel, and committees—because the pressure and the risk often land on your desk either way.
- Culpepper RFP focuses on managing the RFP process itself, so you’re not piecing together vendor comparisons, chasing information, and trying to document everything in between your day-to-day responsibilities. You’re still involved in direction and fiduciary decisions, but the heavy lift of gathering, organizing, and evaluating is handled through our documented process.
- Our services are designed to reduce the time executives and internal teams spend managing details. Expect some upfront coordination and a few check-ins along the way, but the goal is that you’re not carrying weeks of follow-up, tracking, and evaluation work on top of everything else.
- That’s a real concern. Our services are positioned as an independent third-party evaluation process, which can lower the temperature and keep the focus on documented criteria instead of internal pressure or preference. It won’t erase politics, but it can give you a clear, neutral structure to point back to.
- No. Our independent evaluation processes support people who are accountable for the outcome, even if the technical details aren’t your daily focus. We can help you evaluate whether going to an RFP is even necessary, which is often what you want when you’re trying to make a smart decision without creating extra work.
- If you’re thinking, “I’m not sure what level of process we actually need,” you’re not alone. Before you sign up with us we will review your objectives and discuss the most cost- and time-effective solution. Our services include fee and service benchmarking, RFI evaluation, and full RFP evaluations—so the approach can match the situation instead of defaulting to the most intensive option.
“The committee was extremely pleased with the process, results and education supplied to it. I highly recommend the Culpepper Group to other organizations for similar assignments.”
— ERISA attorney