JAYEN GODSE, July 2020
Upstream compliance, cyberthreats, geographical location, financial assets, and reputation are five of the top vendor risks most organizations face. But different industries also face vendor risks challenges that are unique to their business sector.
Key Elements of Comprehensive Vendor Governance Program
JAYEN GODSE, July 2020
Contracting the right vendors, monitoring their performance, and managing associated risks—they all pose significant challenges that too many organizations are still ill-equipped to deal with.
Supply Chain Risk Management
RAJITA NAIR, June 2020
What is SCRM?
Supply Chain Risk Management is “the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk.,
Risk Remediation and Tracking by ComplyScore: How We Do It ?
RENEE ROBINSON, June 2020
Risk remediation is a crucial part of the vendor risk assessment cycle. If incorrectly executed, it will dilute and diminish the effort put into the assessment. A detailed and relevant questionnaire, a thoroughly executed assessment, is a wonderful precursor to mitigation tracking.
Shift to Online Audits
VIRAT SHAKTIVARDHAN, May 2020
Recent events related to COVID-19 have had a huge impact on the way organizations operate and function. Along with posing many challenges, it has also opened many possibilities and ideas to a new way of doing things.
Reliability of Questionnaires & How to Validate Answers
JAYEN GODSE, May 2020
Risk assessment questionnaires play an important role in an organization’s vendor governance program. Questionnaires based due diligence is essential to understanding how your third-party vendors manage cybersecurity risks as well as the investments they have made to mitigate exposure across people, processes, and technology.
Assessing Inherent Risk in Third Party Risk Management
JAYEN GODSE, April 2020
A successful vendor management program needs to invest heavily in managing risks associated with 3rd party vendors. Risk assessment consists of assessing inherent risk and residual risk. Inherent risk is the risk associated with a given engagement regardless of the control/s that the vendor has implemented.
Value of a Third-Party InfoSec Assessment Program
RAJITA NAIR, April 2020
Information Security (InfoSec) professionals realize that their infosec program is only as strong as the weakest link. 3P (Third Party) vendors with access to sensitive data are generally regarded as the weak link, hence the focus on securing the 3P.
Enterprise Vendor Risk Management: Is Your Organization Proactive Or Reactive?
JAYEN GODSE, March 2020
Organizations often fail to anticipate the risks associated with 3rd party vendors. The threats they have exposed their own data to, and possibly their customers’ data, are realized, on many occasions, only after the breach has happened and all they can do at that point is damage control.
3P Risk Templates
JAYEN GODSE, February 2020
The InfoSec risk assessment process seems easy and straight forward. Send questions, receive answers, review the answer, and send the report. Of course, each step is a mini process in itself. It starts with knowing the vendor, knowing the risk areas, asking the right risk questions to evaluate the risk, and sending corrective actions.
AWS Security: Best Practices for Third Party ( 3P) InfoSec Assessments
JAYEN GODSE, January 2020
An effective vendor risk assessment is the cornerstone of every successful third-party risk management program. While the essential elements of an assessment should, in theory, be easily determined, the ever-evolving IT security landscape and threats are making the process more complex.