As a plan fiduciary, you need to establish a prudent process to understand the cyber security standards and practices of your service providers. Download this questionnaire to help you fulfill your due diligence requirements to document such practices.
Send each of your service providers these questions and retain for your records. It is recommended to complete this on an annual basis.