This message was posted by a user wishing to remain anonymous
Hi Everyone, at my company (large global insurance company) we are looking in to broadening processes and controls around data sent to third parties. I'm wondering if anyone as any processes or controls or even a tool or vendor product they have at their company in this space and willing to share. I'd like to understand who within the company owns third party data risk (if there is one single owner), how it is governed, what controls you may have in place, etc. For more specificity, third party data to us would be managing and minimizing data sent to third parties through thinks like MFT, APIs, portals, etc. And would include capturing and classifying the data elements and sensitivity of the data and who the data is sent to (which could be a vendor, customer, agent/broker, etc) - ideally in a perfect situation we would like to have all this information in an easy to obtain place and is current.
Thank you!
-------------------------------------------