Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at Compliance Week’s virtual Cyber Risk and Data Privacy Summit agreed.
It’s essential to monitor “the entire life cycle of the relationship with the third parties, from onboarding to offboarding, birth to death,” said David Kessler, vice president and associate general counsel, IT and cybersecurity at BAE Systems, during a panel discussion.
McKenzee McCammack, regional compliance manager at American Express Global Business Travel, said vendor management at her company, which holds large amounts of personal customer data from passports to dietary restrictions, means scrutinizing potential vendors about what security measures they have in place.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Trial Membership
First week free, then $499 for an annual Membership
Cancel anytime within the trial period.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
The “biggest, most capable, and best-positioned” businesses must assume a greater share of mitigating cyber risks, the White House said in announcing the National Cybersecurity Strategy Implementation Plan.
The Cybersecurity and Infrastructure Security Agency announced a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.
A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.
Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.
Businesses can prepare for the Securities and Exchange Commission’s upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance.
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
