Building Information Security into Your Third-Party Vendor Management Program

Posted on in Presentations

This discussion will cover how to build/evaluate a mitigation risk framework for third-party vendors. It will examine some standard industry forms of attestation (PCI ROC, SSAE 16, SOC 2), criteria for evaluating risk (sensitivity of data, controls around access, scale of data, reputation of vendor) and contractual protections (employee screening, incident notification requirements, audit rights).
Steve Winterfeld


Advisory CISO, Akamai

Security Strategy & Architecture

fraud governance risk & compliance identity management & governance law



Share With Your Community