Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part Two of Two)
Amy Terry Sheehan, Cybersecurity Law Report
Apr. 22, 2015

Vendors and other third parties, necessary for most businesses, present significant cybersecurity risks and are frequently the source of breaches, from large-scale incidents to smaller data leaks. Properly vetting these third parties is a challenging but critical part of a cybersecurity program. This article series provides a three-step framework for allocating due-diligence resources appropriately and mitigating the risks third parties pose. Part One set out a framework for companies to (1) categorize potential vendors by risk level, including specific questions to ask; and (2) conduct initial due diligence on vendors that present a medium or high level of risk. Part Two addresses when a medium-risk vendor should be recategorized as high-risk based on red flags discovered during initial due diligence, and details step three of the framework: deeper due diligence for high-risk vendors, including follow-up questioning, documentation of audits or certifications, and in-person diligence.