New York — Managing vendors and third-party contractors is a critical part of data security and regulatory compliance, experts say.
Data owners must manage contractors to the same standard as their own operations, and they should adopt an organized framework to enable such control, they said during sessions and interviews at the Professional Liability Underwriting Society’s Cyber Symposium in New York last month.
“Even if you’ve outsourced the processing, consumption, analysis, storage or deletion of any data, it is still ultimately your customer and your liability or exposure,” said David Shluger, Old Lyme, Connecticut-based head of cyber risk advisory for Axis Capital Holdings Ltd., during a panel discussion at the conference.
“If you are the data owner, you are ultimately responsible and accountable for protecting that data, even if the data is in the custody of a third party,” said Ken Morrison, Hartford, Connecticut-based assistant vice president for cyber risk management at Travelers Cos. Inc.
Among the cyber-related advice USI Insurance Services LLC provides to its clients, third-party risk management, or TPRM, is “front and…
