CONTACT US
Third Party Risk Management - Consultancy, Assessment & Advisory

Blog

Bar Council GDPR Guide Notes: Managing GDPR compliance and cyber security risk of Barristers and Chambers

Understanding the Bar Council GDPR guide and what GDPR means for Barristers, Chambers and Legal Firms A few thoughts on the Bar Council GDPR guide notes and Third Party Risk compliance. In October 2017 the Bar Council issued a GDPR guide for Barristers and Chambers that outlined the key issues and requirements for regulatory compliance….

LEARN MORE

PCI DSS Third Party Risk (2 of 2) – Risk Exposure and Improving Risk Mitigation and Management

PCI DSS Third Party Risk continued…. In our previous blog (PCI DSS Third Party Risk – Compliance and Liability in an Outsourced Payment Processing model) on the importance of being Payment Card Industry Data Security Standard (PCI DSS) compliant when using a Third Party service provider (TPSP) we highlighted the issue that PCI non-compliant organisations…

LEARN MORE

PCI DSS Third Party Risk (1 of 2) – Compliance and Liability in an Outsourced Payment Processing model

PCI DSS Third Party Risk  The use of Third Party service providers (TPSPs) to process credit card payments is increasingly popular given the cost and operational efficiencies it represents and the perception of short-cutting the costly burden of Payment Card Industry Data Security Standard (PCI DSS) compliance. In this series of blogs we’ll take a…

LEARN MORE

‘Tis the season for.… Fourth Party Risk Management

A few thoughts on Fourth Party Risk Management. We all know the drill. It’s time for some annual festivity, frivolity and fake fir trees. Without wanting to sound like the Grinch, there is one thing that doesn’t take a holiday. RISK! We hope that by now the mix of media attention, ICO & GDPR guidelines…

LEARN MORE

Getting to know NIS (3 of 3) – How to start addressing NIS Directive Third Party compliance

Blogs 1 and 2 have armed us with a better understanding of the regulatory standards the NIS Directive will demand of regulated organisations and the potential legislative and financial impacts of falling foul of compliance. The attention of OESs and DSPs should therefore start to shift on how to start building a NIS compliant cyber…

LEARN MORE

Getting to know NIS (2 of 3) – Expectations and Implications of NIS Directive and Third Party Risk

So, we’ve identified what the NIS Directive is and does, what OESs and DSPs are, and whether the Directive will impact you directly. Next we need to look at the expectations and implications of the Directive on the operators of and service providers to essential services. What are the expectations of the cyber security policies…

LEARN MORE

Getting to know NIS (1 of 3) – What is the EU NIS Directive and does it affect me?

The Department for Digital, Culture, Media and Sport (DCMS) launched a public consultation on the new EU NIS Directive in August 2017 with UK Government legislation to support it required to be in place by 9th May 2018. While we await the results of this consultation it is important to ensure your organisation is aware…

LEARN MORE

Quick Guide to GDPR and Third Party Risk – 6 months to get your data supply chain GDPR compliant

A few thoughts from our Guide to GDPR and Third Party Risk. DVV Solutions were privileged to host a panel discussion at ILTA INSIGHT Summit 2017 last week in London. Titled “GDPR and the Supplier IT Risk Landscape” the panel offered some interesting insight into the impacts of GDPR from the perspectives of an IT…

LEARN MORE

All for One and One for All. Is it time for the Evidence Sharing Network to shine in TPRM?

A few thoughts on the “Evidence Sharing Network” model. I’m pleased to say that the seven key steps for establishing a cost-effective Third-Party risk management (TPRM) program are definitely beginning to resonate. However, as normal, priorities and resources are naturally focused on daily tasks, keeping risk management at a secondary level of importance and diverging…

LEARN MORE

Mitigating Big Risks? Think Small Supplier Risk Assessments

A few thoughts on Small Supplier Risk Assessments – Every supplier represents a potential security risk to your organisation. Whether it’s a small specialised law firm, a local value added reseller delivering technology and providing services, a consultant dedicated to your industry, or an off shore Web developer, it’s important to understand those risks –…

LEARN MORE