What You Don't Know About Vendor Risk Management & Data Privacy Could Cost You Millions in Fines - SANS @Mic

  • Webcast Aired Wednesday, 31 Mar 2021 7:30PM EST (31 Mar 2021 23:30 UTC)
  • Speaker: Norman Levine

"If your company were to get breached, there is a 70% probability it will be through one of your Vendors. If it is Protected Health Information, PHI, that gets exfiltrated, the fines will run into the millions of dollars, including loss of reputation, market share, and loss of revenue.

You do not want to be the person that failed in their due diligence of the Vendor.

This webcast will provide an overview of the requirements for implementing and delivering a Vendor Risk and Data Privacy solution.

It will cover company culture, how to prepare a checklist for an agreement, and the essential IT elements within the agreement itself. Required policies and third-party certifications will be reviewed. Included within the presentation will be a discussion on data privacy and what is necessary to avoid costly fines. Rounding out the talk, I will discuss why continuous monitoring is important, followed by 'putting it all together'.

Topics will include the following:

  • Preparing a presentation for the Board of Directors and living with it
  • Building a successful Information Security checklist for Vendor validation
  • The critical elements of a Data Security Addendum
  • Company policies - necessary or nice to have
  • Your vendor's control environment - meet your third-party certification - SOC / HITRUST / ISO 27001 reports
  • Vetting Vendors: Using the Consensus Assessments Initiative Questionnaire (CAIQ), Standardized Information Gathering (SIG) Questionnaire, or a custom one.
  • Mapping GDPR / CCPA / LGPD / PRIVACY SHIELD compliance
  • The importance of Vendor management and oversight - continuous monitoring
  • Putting it all together"