Information Security

Welcome to the Information Security Community. Here you will find the latest discussions and resources that can help you in this area. This community is dedicated to discussions related to SOCs, business continuity and disaster recovery planning, cybersecurity and other information security topics and challenges.

About Third Party Information Security: You're expected to understand your vendor's approach to security. Verifying that a vendor’s information security practices are sound is vital to safeguarding your data. It needs to be a requirement, since the protection of your data, regardless of the size of your organization, and the protection of each individual customer are fundamental to the success of your organization.

Latest Discussion Posts

  • RE: Info Sec Risk Ratings...and Quantification

    This message was posted by a user wishing to remain anonymous. We do use a risk-based approach based on quantity of records and type of PII at risk. We don't have set numbers but general guidelines (e.g., minor, moderate, significant exposure). So a ... More

  • Info Sec Risk Ratings...and Quantification

    This message was posted by a user wishing to remain anonymous. Am curious if anyone uses the AMOUNT of PII or MNPI (i.e. ANY sensitive data) "given" to a vendor to assist with determining the Risk Rating from an Info Sec perspective. Even a smidgen ... More

  • I have not come across a vendor management responsible person with a CISSP certificate, but I'm positive that I have only met a small portion of us out there. However, I am in a similar position to yours. I am our IT back-up person, I handle vendor management, ... More

  • I have built a pretty comprehensive vendor review template. Multiple tabs for different information on a vendor / product / service. When I do the next year, I copy and paste the previous year's file, rename it, and then can compare previous years review ... More

  • I did the cybersecurity webinar from Venminder yesterday, and it was recommended that security reports / audits / pen tests be reviewed by a certified professional with CISSP certificate. My background has always been IT, IT manager for multiple banks, ... More

ThinkTank Announcements

  • Seeking Your Input - Annual TPRM Survey!

    Hi Community Members, We’re looking for your valuable input! Venminder is conducting their annual survey for the State of Third-Party Risk Management 2021 whitepaper and we’re hoping you may have 5 minutes to spare to help out and take the survey. The complimentary whitepaper will be released in early ... More
  • Community Update - 1,000 Members

    Hi Everyone, I want to share some very exciting news with you all. We have reached 1,000 community members! This is a milestone we’re very proud of and it’s all thanks to the fantastic third-party risk conversations you all are having every day. As always, please let me know if you have any thoughts ... More
  • COVID-19 Resources Page

    Hi Everyone, With the COVID-19 pandemic upon us, organizations are implementing their pandemic plans, many employees are working remotely and changes in vendor management are rapidly occurring. In the industry, it has raised a lot of questions about pandemic planning and best practices and reminds ... More
  • Happy New Year - We Want Your Feedback!

    Happy New Year ThinkTank members! We hope you've found the community discussions this past year to be enlightening and engaging. As we head into 2020, we want to hear your thoughts and feedback as it'll help us continue to understand what you'd like to see more of in the Third Party ThinkTank Community. ... More