by Aurore Watts | Aug 19, 2019 | InfoSec Strategies
Why should security attestations be different from clothing, shoes, bank accounts and, well, a lot of things… You may not like it but you can’t get around it. The simple fact is that going after big clients means you need big attestations. If you’re selling software... by Leigh Ronczka | Jul 23, 2019 | InfoSec Strategies
How do you really know your highest-risk vendors are doing what they say they’re doing, security-wise—especially if it involves meeting your specific requirements? Do you insist on the right to audit vendors? If so, do you have the skills and technology savvy to do... by Jeremy Sporn | Jun 3, 2019 | Business Continuity Management, Disaster Recovery, InfoSec Risk Assessment, InfoSec Strategies, ISMS Consulting, ISO 22301
The SaaS model depends on trust. As a SaaS provider, are potential customers confident they can trust you with their data? Despite massive and growing investments in cloud applications and services, a recent McAfee study on the state of cloud adoption and security... by Chris Dorr | Apr 16, 2019 | Third Party Risk Management
Editor’s Note: This post was originally published in April 2017. It has been updated to reflect the name change from AUP to SCA. A Standardized Control Assessment document (formerly known as an Agreed Upon Procedures document) is a great tool for third-party risk... by Kevin Hermosura | Apr 5, 2019 | Third Party Risk Management
When it comes to vendor risk management questionnaires, less can definitely be more. In this post, I’ll share three value-add tips on why and how to streamline your vendor review process and reduce the length of your questionnaires while maintaining a high level of...
