Blog

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • As we enter the fall season, and National Cybersecurity Awareness Month, make sure you stay caught up on vendor management and vendor cybersecurity news with the articles covered below.
  • We all wear masks, literally and figuratively. We wear them for fun, safety, privacy and lately we’ve been wearing them everywhere for protection, health and compliance. Some say that wearing makeup or feigning a smile is a form of wearing a mask by, in some way, showing an exterior that is slightly different than what is within.
  • Reviewing a SOC report can feel like a daunting task, especially if you’re unsure of what parts of the SOC report are considered key components, what best practices to follow, how to assess the controls, evaluate results and why vendors write the control activities the way they do. The best way to tackle such a colossal task is, of course, to start at the beginning.
  • Understanding your vendor’s cybersecurity posture is critical. It can help reduce the risk of your vendors and contractors becoming your weakest link, and in today’s environment, many organizations are investing heavily in their cybersecurity programs. This can often mean a LOT of documentation to sift through. But, with so many areas to review, what are the best items to request to get the most comprehensive snapshot of your vendor’s cybersecurity posture?
  • When major storms are a-brewing, we can’t help but wonder about all the people that stand to be affected. We don’t mean the grocery stores and their empty shelves, or the gas stations with empty pumps. We think about organizations and their vendors.
  • Most of us know by now how useful it is to review a vendor’s SOC report when doing third-party due diligence. But what if your vendor doesn't have a SOC report? If a large corporation doesn’t have a SOC report, that may be considered a red flag, but many small organizations don’t have a SOC report due to the cost of obtaining them and the internal resources required to manage that type of project. So, what can you review instead?
  • Many organizations often have a cumbersome and extensive budgeting process. Sometimes, the budgeting endeavor includes endless hours and late nights — not to mention that constant battle for the “right amount” of money to run business units year to year.
  • Generally speaking, a workflow is a sequence of tasks that move data. Today, regulations drive processes, processes require controls, controls involve approvals and approvals usually get reported. That’s a simple way of highlighting how nit-picky doing anything in the corporate world often is. But that’s also a workflow, right? One thing must happen before another, then it goes to someone else and then on and on.
  • “Phishing,” as we know it in the tech world, isn’t something involving bait and tackle... at least, not in the traditional sense, anyways. Phishing refers to a cyberattack that uses disguised emails as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their organization, for instance, or a note from a colleague in their organization — and there’s always a call to action such as to click a link or download an attachment.
  • When it’s time to either review a new critical vendor contract or start negotiating terms for an existing one, there are some specific provisions you’ll need to be on the lookout for in order to make sure you’re minding your p’s and q’s when it comes to compliance with industry regulations and standards. So, what should you be looking for?
  • Vendor risk management is a reality in our world today. Every organization on the planet is looking for better ways to strategically manage their business, and vendors are a strategic part of the organization’s production and delivery of products and services.
  • With the explosive growth of outsourced technology services and the increase of third-party data breaches, it’s vital that organizations take control of their third-party relationships and implement the necessary steps to properly manage and map their third-party cyber risks.
  • Stay on top of vendor management industry updates this fall with our expert-compiled list of news and resources.
  • Let’s get this out of the way up front. Every organization has vendors and every organization has a vendor management program, even if your program isn’t formalized. That’s right: every single one! Wow! I feel better now. Each organization has three things they must do: produce a product or service, market that product or service and finance the production and marketing of that product or service. Don’t see vendor risk management in that list? It’s there. Just hidden and unformalized.
  • We’ve all experienced it at one time or another: a once-promising vendor relationship has suddenly (or perhaps, not so suddenly) gone sour. Whether it’s due to repeated SLA failures, a lack of internal or external communication or other performance issues, sometimes there’s nothing left to do but find an exit. And sometimes, that’s not as easy as it sounds.