What are the key parts of privacy and security vendor management? What roles do a privacy office, a security office, a procurement office, and counsel play in the process? What level of vendor oversight is the government looking for, what level is best practice, and how does an organization focus limited resources to best reduce risk in this area? How important is it to obtain a right to audit in the contract? How important is it to actually audit vendors (especially with limited resources)? How much credence should be given to independent assessments, such as a SOC 2 report? Should vendors provide documents such as a risk analysis or internal policies to their customers, or does that actually raise more information security concerns than it addresses?
Rebecca Herold, CEO, The Privacy Professor® and CVO & Co-Founder, SIMBUS360
Andrew Ysasi, Executive Director, Kent Record Management, Inc.
Stacey Halota, Vice President, Information Security and Privacy at Graham Holdings
Q&A: Marcus Ranum chats with Privacy Professor CEO Rebecca Herold: Organizations will be judged by the company they keep, warns Herold. Don’t let third parties skate, when your data security is at risk.
Hiring contractors? 5 areas to check information security practices
ISACA Webinar: An Effective Framework for Third-party Information Security and Privacy Oversight & Risk Management
ITGRC Forum Webinar: “How to Identify and Reduce the Risks of 3rd Party Vendors”