Third Party Vendor Risk Management

In this presentation, John Verry (Principal Consultant and ISO 27001 Certified Lead Auditor at Pivot Point Security) offers thought provoking and challenging presentation originally made before an audience of experienced and senior Information Security professionals from a variety of markets at the CISO Executive Network’s Philadelphia and New York City chapter events on Third Party Vendor Risk Management

Outsourcing provides notable rewards but they don’t come without risk.

The use of cloud computing and outsourced services like suppliers, hosting and consultants are becoming a common dependency in companies from small to large businesses. How do you know if shared information is safe?

“Responsibility isn’t always obvious”

John offers key questions to ask when managing third party vendor risk:

What form of testing is suitable for the risks defined?
What form of assurance/attestation is best?
What direct access/testing is required for incident response/monitoring?
What reporting and service level agreements do we need to monitor?

CMMC Preparation

ISO 27001

SOC 2 Readiness

Virtual CISO (vCISO)

IoT Security

Network Security

Application Security

Vendor Due Diligence

SaaS Security

Business Continuity

Blockchain Security

SCA

CMMC

NIST SP 800-218

CCPA

SOC 2

CIS CSC

PCI

FedRAMP

GLBA

NYDFS

GDPR

HIPAA

HITRUST

TISAX

Podcasts

Resources

Blog

About Us

Leadership

Jobs

Locations

Partner With Us

Third Party Vendor Risk Management

“Responsibility isn’t always obvious”

How can we help you?