/* ---- Google Analytics Code Below */

Friday, February 19, 2021

Fine Tuning Vendor Risk Management

Crucial these days. 

How to Fine-Tune Vendor Risk Management in a Virtual World  in Dark Reading by Ryan Smyth & Spencer MacDonald Managing Director / Director, FTI Technology  

Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.

Vendor risk management is nothing new to most security and privacy professionals. Programs for managing vendors are typically well-established and have run like clockwork for quite some time — with many firms requiring their critical vendors to allow access for periodic on-site assessments of privacy, security, and other controls. But as with so many things this year, the coronavirus pandemic has brought well-oiled vendor risk management processes to a screeching halt. Now, without the ability to conduct on-site audits, many organizations lack their usual visibility to assess risk factors and validate whether their providers are doing all they have agreed to in their contracts and service-level agreements (SLAs). 

This is particularly concerning given that vendors and third-party providers are a prime source of breaches in security, privacy and/or compliance. Risk Based Security reported that the incidence of breaches, "involving companies handling sensitive data for business partners and other clients," rose by 35% from 2017 to 2019 and exposed 4.8 billion records last year. ... '

No comments: