Building Information Security into Your Third-Party Vendor Management Program

This discussion will cover how to build and evaluate a risk mitigation framework for third-party vendors. It will examine standard industry forms of attestation (PCI ROC, SSAE 16, SOC 2), criteria for evaluating risk (sensitivity of data, controls around access, scale of data, reputation of vendor), and contractual protections (employee screening, incident notification requirements, audit rights).