Building Information Security into Your Third-Party Vendor Management Program


Posted on in Presentations

This discussion will cover how to build/evaluate a mitigation risk framework for third-party vendors. It will examine some standard industry forms of attestation (PCI ROC, SSAE 16, SOC 2), criteria for evaluating risk (sensitivity of data, controls around access, scale of data, reputation of vendor) and contractual protections (employee screening, incident notification requirements, audit rights).

Security Strategy & Architecture

fraud governance risk & compliance identity management & governance law


Topic

Subtopic


Share With Your Community