Vendors and other third parties – necessary for most businesses – present significant cybersecurity risks and are frequently the source of breaches, from large-scale incidents to smaller data leaks. Properly vetting these third parties is a challenging, but critical, aspect of cybersecurity programs. This article series provides a three-step framework to appropriately allocate resources to due diligence and mitigate the risks third parties pose. Part One provided a framework for companies to (1) categorize potential vendors based on risk levels, including specific questions to ask; and (2) conduct initial due diligence on vendors that present a medium or high level of risk. Part Two addresses when the categorization of medium-risk vendors should move to high-risk based on red flags discovered during the initial due diligence and details step three of the framework: deeper due diligence for high-risk vendors, including follow-up questioning, documentation of audits or certifications and in-person diligence.
Apr. 22, 2015