Specifications include, but are not limited to: A. Detecting and preventing external and internal fraud and security risks; B. Enhancing the integration of technology that might support data exchange, data analysis and data analytics capability of my529’s systems and processes that detect and mitigate fraud and cybersecurity threats; C. Network penetration and social engineering testing; D. Identifying vulnerabilities in systems and processes relative to customer accounts, specifically external fraud risks such as new account fraud, online registration fraud, account takeover, payment fraud and benefit disbursement integrity; as well as internal fraud risks such as account takeover by an employee, false beneficiaries and payment diversion; E. Vendor and partnership management, risk, and due diligence, both initially and ongoing; F. Comprehensive risk identification, gap analysis and management practices; G. Human resources—staff onboarding and ongoing security evaluation (background checks); H. Policies and/or procedures