Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

PwC proposes SOC 2+ to dig into third-party risk

Tammy Whitehouse | May 24, 2016

Where companies notice their vendors and other third parties are getting weary of the questionnaires and other inquiries to satisfy risk concerns, assurance experts are beginning to craft new solutions.

At Compliance Week’s annual conference, Karl Shimmeck, executive director and global head of vulnerability management at Morgan Stanley, said companies are looking for better ways to get assurance that their information is secure in the hands of third parties. “This is the most costly area for oversight and we get the least amount of risk reduction when it’s all said and done because of diverse ways to do it,” he said.

Public companies increasingly are held accountable for wrongdoing at the third parties they engage to provide various types of outsourced services, giving companies heightened incentive to dig deeper into controls at service organizations to minimize their...

Buy this article for $49, or subscribe to Compliance Week for a month at $149 and get unlimited article access for 30 days.