This discussion will cover how to build and evaluate a risk mitigation framework for third-party vendors. It will examine some standard industry forms of attestation (PCI ROC, SSAE 16, SOC 2), criteria for evaluating risk (sensitivity of data, controls around access, scale of data, reputation of vendor), and contractual protections (employee screening, incident notification requirements, audit rights).
Topic: Security Strategy & Architecture
Subtopics: fraud, governance risk & compliance, identity management & governance, law