It’s our risk, not third party risk.
In an ideal world, we could verify that each of our third parties is entirely trustworthy, but our third parties are just as susceptible to breaches as we are. By customizing due diligence efforts and aligning them with the broader business context, companies can enhance their resilience against cyber threats and ensure the security and continuity of their operations.
The fallibility of security questionnaires
The problem with the security questionnaire...is that every one of you who has been on either side of these just groaned (at least on the inside!).
Why Third-Party Risk Management Can't Be Ignored
Less than half of companies have established third-party risk management programs, yet more than half have experienced third-party related breaches in the last year.
Always Verify Identity: Good habits for staying secure.
Whatever the situation, if you do not know that the person asking you to send money, grant them access to a sensitive account, or share sensitive information is legitimately who they say they are, verify their identity.
Streamline Sales and Build Trust with Transparency
To streamline sales and build trust I recommend a proactive approach by processors. Provide customers (controllers) with information regarding GDPR compliance applicable to data transfer impact and data privacy impact assessments.
SOC 2 Reports are Report Cards, Not Certifications
Here's my quick guide to SOC 2 reports. Nothing new here, but if you're being handed a third party risk hat or are new to GRC, I hope this helps!
Why do I love compliance, he asks…
Compliance is often thought about in the context of definitions like “a disposition to yield to others” a.k.a. passive, or “conformity in fulfilling official requirements” a.k.a. boring as f; but there is another definition of compliance: “the ability of an object to yield elastically when a force is applied”. This is the definition that I nerd out on.
The Power of Remote Working
It has always been clear to me when working remotely who is getting $*@& done and who isn’t.