ARCHIVED CONTENT
You are viewing ARCHIVED CONTENT released online between 1 April 2010 and 24 August 2018 or content that has been selectively archived and is no longer active. Content in this archive is NOT UPDATED, and links may not function.
From Information Security Blog
Nearly every company shares proprietary information with vendors, or entrusts sensitive customer data to them to store and process. In so doing, you extend to them the responsibility you have to your stakeholders to keep that data secure.
Do you know for sure how well each of your vendors is upholding that responsibility on your behalf? As cybercriminals increasingly target vendors as a way to attack their customers, and regulators increasingly hold organizations liable for breaches of vendor-controlled data, the importance of managing information security risk associated with your vendors is escalating.
But obviously some vendors (IT services, payroll/benefits, legal, maybe even your cleaning company) inherently pose more information security risk than others. How do you decide which vendor-related risks are most critical? How can you make sure that vendor risk is monitored and addressed consistently?
Read the complete original at: Ten Steps Towards a Vendor Risk Management Policy