The fundamentals of compliance-based Vendor Management have been around since the FFIEC Outsourcing of Technology Services booklet was released in 2004. While VM has evolved a bit over the years, the process is essentially still the same: we gather documentation, review it, and try to decide whether to keep doing business with the company. Analyzing vendor documentation is important, but the real question we need to ask is this: how do we know whether our vendors are really protecting our data?
This presentation will cover the following areas/topics:
- Regulatory Vendor Management Guidance over the years
- Requirements for compliance-based Vendor Management today
- Other ways to manage Vendor Risk
- Other tools to review Vendor security
- Supply Chain Management/4th Party Management
Target Audience: information security officers, IT managers, risk officers, internal auditors, and executives looking to understand expectations around business continuity risks.
This program qualifies for the following CPE Credits through the SBS Institute: 1.5 CPEs*: CBBCP, CBSM, CBVM
ISC2*: Estimated 1.5 hrs. CISSP. ISACA*: Estimated 1.5 hrs. CISA/CISM/CRISC. *Self-Reporting