Top Industries That Need To Up Their Vendor Risk Assessment Game

JAYEN GODSE, July 2020

 

Upstream compliance, cyberthreats, geographical location, financial assets, and reputation are five of the top vendor risks most organizations face. But different industries also face vendor risk challenges that are unique to their business sector.

Key Elements of Comprehensive Vendor Governance Program

JAYEN GODSE, July 2020

 

Contracting the right vendors, monitoring their performance, and managing associated risks—they all pose significant challenges that too many organizations are still ill-equipped to deal with.

Supply Chain Risk Management 

RAJITA NAIR, June 2020

 

What is SCRM?  

Supply Chain Risk Management is “the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk., 

Risk Remediation and Tracking by ComplyScore: How We Do It?

RENEE ROBINSON, June 2020

 

Risk remediation is a crucial part of the vendor risk assessment cycle. If incorrectly executed, it will dilute and diminish the effort put into the assessment. A detailed and relevant questionnaire and a thoroughly executed assessment are a wonderful precursor to mitigation tracking.

Shift to Online Audits

VIRAT SHAKTIVARDHAN, May 2020

 

Recent events related to COVID-19 have had a huge impact on the way organizations operate and function. Along with posing many challenges, they have also opened up many possibilities and ideas for a new way of doing things.

Reliability of Questionnaires & How to Validate Answers

JAYEN GODSE, May 2020

 

Risk assessment questionnaires play an important role in an organization’s vendor governance program. Questionnaire-based due diligence is essential to understanding how your third-party vendors manage cybersecurity risks as well as the investments they have made to mitigate exposure across people, processes, and technology.

Assessing Inherent Risk in Third Party Risk Management

Managing Inherent Risks in TPRM

JAYEN GODSE, April 2020

 

A successful vendor management program needs to invest heavily in managing risks associated with 3rd party vendors. Risk assessment consists of assessing inherent risk and residual risk. Inherent risk is the risk associated with a given engagement regardless of the controls that the vendor has implemented.

Value of a Third-Party InfoSec Assessment Program

RAJITA NAIR, April 2020

Information Security (InfoSec) professionals realize that their infosec program is only as strong as the weakest link. 3P (Third Party) vendors with access to sensitive data are generally regarded as the weak link, hence the focus on securing the 3P.

Enterprise Vendor Risk Management: Is Your Organization Proactive Or Reactive?

JAYEN GODSE, March 2020

 

Organizations often fail to anticipate the risks associated with 3rd party vendors. The threats they have exposed their own data to, and possibly their customers’ data, are realized, on many occasions, only after the breach has happened, and all they can do at that point is damage control.

3P Risk Templates

JAYEN GODSE, February 2020

The InfoSec risk assessment process seems easy and straightforward. Send questions, receive answers, review the answers, and send the report. Of course, each step is a mini process in itself. It starts with knowing the vendor, knowing the risk areas, asking the right risk questions to evaluate the risk, and sending corrective actions.

AWS Security: Best Practices for Third Party (3P) InfoSec Assessments

JAYEN GODSE, January 2020

 

An effective vendor risk assessment is the cornerstone of every successful third-party risk management program. While the essential elements of an assessment should, in theory, be easily determined, the ever-evolving IT security landscape and threats are making the process more complex.
