Practical steps to reducing cybersecurity risks



Commentary



Mark Lyndersay

BitDepth#1471


ON THURSDAY, the Caribbean Chapter of the International Information System Security Certification Consortium (ISC2) hosted a webinar on third-party risk assessment.

If you aren’t a backroom cybersecurity professional working for a medium to large company or government agency, that’s probably worth explaining.

A third-party risk assessment validates vendors who will connect to a computer network. It involves examining their certifications and compliance with ISO standards, doing background checks, reviewing contracts and doing due diligence to confirm that the business meets or exceeds your internal standards for data management and processing.

The process, to be effective, must be ongoing and managed to ensure that vendors meet required standards.

This is a commonplace requirement for multinational corporations that have ironclad standards for compliance, but far less common outside of data-sensitive businesses like banking and finance.

But the risks are the same for any business that outsources or extends its resource capacity by depending on third-party services from…
