Vendors and other third parties – necessary for most businesses – present significant cybersecurity risks and are frequently the source of breaches, from large-scale incidents to smaller data leaks. Properly vetting these third parties is a challenging, but critical, aspect of cybersecurity programs. This article series provides a three-step framework to appropriately allocate resources to due diligence and mitigate the risks third parties pose. Part One provided a framework for companies to (1) categorize potential vendors based on risk levels, including specific questions to ask; and (2) conduct initial due diligence on vendors that present a medium or high level of risk. Part Two addresses when the categorization of medium-risk vendors should move to high-risk based on red flags discovered during the initial due diligence and details step three of the framework: deeper due diligence for high-risk vendors, including follow-up questioning, documentation of audits or certifications and in-person diligence.
Apr. 22, 2015
Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part Two of Two)
- Amy Terry Sheehan, Cybersecurity Law Report