AITEC and AIMA launch cybersecurity DDQ

Originally published on 01 July 2016

AITEC and the Alternative Investment Management Association (AIMA), the global representative for alternative asset managers, today have launched a co-branded Illustrative Questionnaire for Due Diligence of Vendor Cyber Security.

The DDQ has been created to streamline the process of conducting due diligence on vendors servicing the alternative asset management industry. The DDQ represents the superset of critical questions compiled by a committee of AITEC and AIMA members who are experienced in technology and operations.

The questionnaire will enable the industry to approach vendors as a single voice, consequently providing efficiencies in communication and ultimately increasing the market's understanding of technology infrastructure.

AITEC and AIMA will host an introductory webinar for members on 14 July. The webinar will address the current regulatory landscape for vendor due diligence, accessing and utilising the AITEC-AIMA DDQ, modifications in the AITEC-AIMA DDQ from the legacy AITEC DDQ, and the value proposition of the AITEC-AIMA DDQ in a vendor management programme.

Conor Kiernan, a Board member of AITEC and CTO of Marshall Wace, commented: “While gaining efficiency in your vendor due diligence process is certainly a plus, the consistency and thoroughness of the questions is of utmost importance. Cyber due diligence is not something one can afford to get wrong in this day and age. This DDQ has been drafted by a consortium of industry experts with many years of experience in the trenches.  It’s a fantastic aid on the road to building a robust technology due diligence process.”

Jack Inglis, CEO of AIMA, said: “It will come as a surprise to no one that cyber security has been a priority in recent years, with the Financial Conduct Authority and the Securities and Exchange Commission particularly noting that more due diligence must be done on vendors as a provision of service. This DDQ should be viewed as the next step of cyber security development for organisations, and certainly is the logical progression from AIMA’s Guide to Sound Practices for Cyber Security.”

This is the first time that the DDQ has been produced as a collaborative effort, with AITEC having released two prior versions in recent years. The latest DDQ relies less heavily on open-ended questions, allowing for easier comparisons to be made within responses. It has been designed with efficiency in mind, ensuring that it is more streamlined and user friendly.

The DDQ will be available to AITEC and AIMA members only.