Join me 2020-03-19 as we welcome back industry expert Regina Phelps. We’ll be talking about Cyber Exercises That Prepare You for the Impacts of a Cyber Incident. Enjoy!
The 2019-03-14 show will focus on Information Security with InfoSec Specialist, Jason Maynard. Enjoy!
Without an effective vendor management program, the threat looms large.
How can a business effectively manage the oversight of its third-party vendors’ security and privacy programs? After all, these are completely independent organizations, running their own businesses and executing their own practices.
It may sound overwhelming (perhaps even impossible), but it is doable with an effective vendor management program.
Below are five key components to such a program. Keep in mind these are not one-and-done to-dos. Each of the following should be performed on an ongoing basis.
1. Document all third-party vendors.
Do you know every vendor doing work for your organization? The first, and possibly most neglected, step is to identify and document at least the following details for all vendors:
- Contact names
- Office locations
- Dates contracted
- Services performed
- Data shared
Be sure to keep these details up-to-date for all vendors. You should also retain this information for past vendors for at least six years (longer if your business must follow strict data retention requirements).
One thing to watch out for, especially in large organizations with multiple locations, is multiple vendor contracts. Often, these firms will contract the same vendor to perform the same activities for each location, yet under differing contractual agreements. This creates an additional risk of vendor non-compliance.
2. Document the information each vendor accesses.
Once you have identified all vendors, you need to document the types of information each has access to, for example: full name, mailing address, phone number, social security number, email address, and birthdate. More access to sensitive information (e.g. health data, social security numbers) means higher risk and therefore requires more oversight. Be sure to document the security controls associated with each vendor and establish a way to keep the information up-to-date.
Once you’ve identified the data each vendor accesses, you are ready to determine the risks to that data. The most effective way is a data flow analysis in combination with a risk evaluation. When it comes to performing this analysis, keep in mind simpler is usually better.
3. Establish and update contractual requirements.
Determine if your contractual requirements for each vendor are adequate. At a minimum, your contract should include rights to:
- Request completed risk evaluations on a regular basis (quarterly or bi-annual)
- Be notified of, and approve, any subcontracting involving data
- Review vendors’ documented information security and privacy policies
- Be notified as soon as possible (typically within one business day) of a breach
4. Determine and monitor risk levels.
You also need to determine the level of risk each vendor presents to your organization. You can often establish a preliminary risk level based on the following details:
- The amount of sensitive information involved
- The number of locations, including number of countries, the vendor is using to store and process data
- The number of vendor employees who have access to data
- The number of technologies / devices used
- The maturity of the vendor’s information security and privacy program
5. Establish a plan for ongoing oversight.
There are many effective ways to maintain oversight of your vendors. Which you choose depends on the type of service the vendor provides. Below are some options to consider:
- Obtain monthly or quarterly attestations from your vendors’ executives. By attesting that security and privacy programs are maintained and enforced, the executives become even more personally accountable.
- Perform risk assessments. These assessments may include requiring the vendors to complete surveys to help you evaluate their security and privacy programs.
- Require and monitor your vendors’ regulatory compliance specific to their industries and applicable legal requirements.
The more automated you can make ongoing oversight the better. However, some of your highest risk vendors may require personal phone meetings, or even on-site visits.
How SIMBUS360 can help
If you need help with any of the above processes, consider a vendor tracking automation tool, such as SIMBUS Tracker. SIMBUS Tracker is powerful vendor management software designed to monitor organizations with access to personal information. It consolidates all necessary compliance verification information and associated records into one simple-to-use, secure platform and performs ongoing oversight of your vendor relationships.
SIMBUS Tracker is available for direct use. It’s also available in a white-label version. So, if you lead a business, such as a law firm, managed services IT firm, consultancy or an accounting practice, and you’d like to help your clients with their own vendor management, SIMBUS Tracker is ideal software for opening up that additional business line or revenue source for your firm. Contact Dave Greek to learn more.
For more information, download our Vendor Oversight & Risk Management Tips guidance document. The document includes common security and privacy risks discovered from more than 300 vendor assessments.
According to a recent FBI study, daytime crimes accounted for 66% of all burglaries nationally. Do you know how to keep your home and property safe while you are present as well as on vacations? In T42, Cynthia Brian and Heather Brittany offer concrete tips based on research that will help you be secure.
We live in a youth oriented society. Once over thirty, everyone yearns to be younger. How can we stay young as we age? Surround yourself with love and joy and find out how to be forever young.
With the West Coast drought still on high alert, Cynthia Brian visits the Ruth Bancroft Garden for a lesson in bold dry gardening. Find out what succulents are easy to grow for the present and for posterity.
Help Be the Star You Are!® without spending a penny. If you’ve ever purchased a TV or computer screen, just 3 minutes of your time is needed to fill out the simple form and click submit. Every unit qualifies for a donation of about $20 to Be the Star You Are!®. You will receive a tax receipt once the donations have been dispersed. PLEASE do this today. Thanks from Be the Star You Are!®
The award-winning positive talk radio program, StarStyle®-Be the Star You Are!® broadcasts on the Voice America Empowerment Channel LIVE every Wednesday from 4-5pm PT/7-8pm ET. Cynthia Brian and Heather Brittany are the Mother/Daughter dynamic duo who have been co-hosting this program live weekly since 1998, bringing upbeat, life-enhancing conversation to the world. With Cynthia’s expertise in interviewing the trailblazers, authors, and experts and Heather’s healthy living segments, these Goddess Gals are your personal growth coaches helping you to jumpstart your life while igniting your flame of greatness. Brought to the airwaves under the auspices of the literacy and positive media charity, Be the Star You Are!® (http://www.BetheStarYouAre.org), each program will pump your energy to help you live, love, laugh, learn, and lead.
Cynthia Brian talks about the empowering outreach programs offered by Be the Star You Are!® charity.