by Jeremy Sporn | Sep 15, 2020 | ISO 27001 Certification
Reading Time: 2 minutes
Getting an ISO 27001 certificate from a vendor is an overarching statement that, yes, they have an information security management system (ISMS) that meets the requirements of the ISO 27001 standard. But what is the scope of... by Jeremy Sporn | Aug 20, 2020 | Third Party Risk Management
Reading Time: 3 minutes
The so-called “iron triangle” of project management states that you can make something better, faster OR cheaper—pick any two. But you can never have all three. Making it cheaper makes it less good, making it happen faster increases... by Jeremy Sporn | May 13, 2020 | Third Party Risk Management
Reading Time: 2 minutes
The Shared Assessments Program offers multiple tools to assess third-party information security risk. Probably the best-known of these tools is the Standardized Information Gathering (SIG) questionnaire. A growing number of... by Jeremy Sporn | May 12, 2020 | Third Party Risk Management
Reading Time: 2 minutes
If you’re familiar with the Standardized Control Assessment (SCA) from the Shared Assessments Program, you know it’s a valuable tool to assess information security risk, especially for third-party risk management (TPRM); e.g.,... by Jeremy Sporn | May 8, 2020 | Third Party Risk Management
Reading Time: 3 minutes
For organizations of all sizes, one of the top information security challenges from COVID-19 is dealing with escalating third party risk. If vendors handle your critical data, how is remote working, key staff out sick and other...
