by Kevin Hermosura | Dec 13, 2019 | Third Party Risk Management
Reading Time: 2 minutes
Managing vendor risk effectively can demand significant planning and resources. Many small to medium-sized businesses (SMBs) lack the expertise and employee bandwidth to tackle the problem in-house, so they’ve put off addressing it....
by Kevin Hermosura | Nov 15, 2019 | Third Party Risk Management
Reading Time: 2 minutes
A disturbing fact that often comes to light in conversations with clients and prospects is that IT and information security teams don’t know what vendors their company is sharing sensitive data with. Sure, they can name their most...
by Kevin Hermosura | Oct 25, 2019 | Third Party Risk Management
Reading Time: 3 minutes
A SOC 2 attestation is a report from an independent auditor, which states his or her opinion of a company’s internal security and financial controls. SOC 2 doesn’t start with a detailed list of requirements that must be met and how...
by Kevin Hermosura | Oct 24, 2019 | Third Party Risk Management
Reading Time: 2 minutes
In our practice we’re seeing a big uptick in client stress levels with respect to security questionnaires, especially among software-as-a-service (SaaS) providers. Three trends are driving this: A growing percentage of prospects are...
by Kevin Hermosura | Sep 24, 2019 | Third Party Risk Management
Reading Time: 2 minutes
You’re a salesperson. You’ve spent untold hours cultivating an awesome prospect: wining and dining, arranging presentations, making site visits, and so on and on. The contract is all but signed. Then the prospect hands you a security...