by Kevin Hermosura | Jan 21, 2020 | Third Party Risk Management
Reading Time: 2 minutes
The Standardized Control Assessment (SCA) tool is provided by the Shared Assessments program. It’s part of their “Trust but Verify” model, where the Standardized Information Gathering (SIG) Questionnaire is the “Trust” portion and... by Jeremy Sporn | Dec 17, 2019 | Privacy, Third Party Risk Management
Reading Time: 2 minutes
As an information security and privacy firm, we talk to a lot of people in businesses like financial services, healthcare, legal, municipalities, Software-as-a-Service… because their cyber security and privacy risks are large and... by Kevin Hermosura | Dec 13, 2019 | Third Party Risk Management
Reading Time: 2 minutes
Managing vendor risk effectively can demand significant planning and resources. Many small to medium sized businesses (SMBs) lack the expertise and employee bandwidth to tackle the problem in-house, so they’ve put off addressing it.... by Kevin Hermosura | Nov 15, 2019 | Third Party Risk Management
Reading Time: 2 minutes
A disturbing fact that often comes to light in conversations with clients and prospects is that IT and information security teams don’t know what vendors their company is sharing sensitive data with. Sure, they can name their most... by Kevin Hermosura | Oct 25, 2019 | Third Party Risk Management
Reading Time: 3 minutes
A SOC 2 attestation is a report from an independent auditor, which states his or her opinion of a company’s internal security and financial controls. SOC 2 doesn’t start with a detailed list of requirements that must be met and how... by Kevin Hermosura | Oct 24, 2019 | Third Party Risk Management
Reading Time: 2 minutes
In our practice we’re seeing a big uptick in client stress levels with respect to security questionnaires, especially among software-as-a-service (SaaS) providers. Three trends are driving this: A growing percentage of prospects are...
