by Kevin Hermosura | Nov 15, 2019 | Third Party Risk Management
Reading Time: 2 minutes
A disturbing fact that often comes to light in conversations with clients and prospects is that IT and information security teams don’t know what vendors their company is sharing sensitive data with. Sure, they can name their most... by Kevin Hermosura | Oct 25, 2019 | Third Party Risk Management
Reading Time: 3 minutes
A SOC 2 attestation is a report from an independent auditor, which states his or her opinion of a company’s internal security and financial controls. SOC 2 doesn’t start with a detailed list of requirements that must be met and how... by Kevin Hermosura | Oct 24, 2019 | Third Party Risk Management
Reading Time: 2 minutes
In our practice we’re seeing a big uptick in client stress levels with respect to security questionnaires, especially among software-as-a-service (SaaS) providers. Three trends are driving this: A growing percentage of prospects are... by Kevin Hermosura | Sep 24, 2019 | Third Party Risk Management
Reading Time: 2 minutes
You’re a salesperson. You’ve spent untold hours cultivating an awesome prospect: wining and dining, arranging presentations, making site visits, and so on and on. The contract is all but signed. Then the prospect hands you a security... by Kevin Hermosura | Aug 15, 2019 | Third Party Risk Management
Reading Time: 2 minutes
With the average cost of a vendor data breach reaching $3.92 million, organizations are looking for stronger vendor risk management (VRM). If your organization is looking to address VRM but you’re new to the process, a vendor... by Kevin Hermosura | Jun 28, 2019 | Third Party Risk Management
Reading Time: 2 minutes
Recently I earned a Certified Third Party Risk Assessor (CTPRA) designation from the Shared Assessments Program. This certification intends to validate my knowledge “…within specific IT risk control domains that an individual will...
