18th December 2017
PCI DSS Third Party Risk continued… In our previous blog (PCI DSS Third Party Risk – Compliance and Liability in an Outsourced Payment Processing model) on the importance of being Payment Card Industry Data Security Standard (PCI DSS) compliant when using a Third Party service provider (TPSP), we highlighted the issue that PCI non-compliant organisations…
18th December 2017
PCI DSS Third Party Risk. The use of Third Party service providers (TPSPs) to process credit card payments is increasingly popular given the cost and operational efficiencies it represents and the perception of short-cutting the costly burden of Payment Card Industry Data Security Standard (PCI DSS) compliance. In this series of blogs we’ll take a…
15th December 2017
A few thoughts on Fourth Party Risk Management. We all know the drill. It’s time for some annual festivity, frivolity and fake fir trees. Without wanting to sound like the Grinch, there is one thing that doesn’t take a holiday. RISK! We hope that by now the mix of media attention, ICO & GDPR guidelines…
27th November 2017
Blogs 1 and 2 have armed us with a better understanding of the regulatory standards the NIS Directive will demand of regulated organisations and the potential legislative and financial impacts of falling foul of compliance. The attention of OESs and DSPs should therefore start to shift to how to start building a NIS-compliant cyber…
27th November 2017
So, we’ve identified what the NIS Directive is and does, what OESs and DSPs are, and whether the Directive will impact you directly. Next we need to look at the expectations and implications of the Directive on the operators of and service providers to essential services. What are the expectations of the cyber security policies…
27th November 2017
The Department for Digital, Culture, Media and Sport (DCMS) launched a public consultation on the new EU NIS Directive in August 2017 with UK Government legislation to support it required to be in place by 9th May 2018. While we await the results of this consultation it is important to ensure your organisation is aware…
24th November 2017
A few thoughts from our Guide to GDPR and Third Party Risk. DVV Solutions were privileged to host a panel discussion at ILTA INSIGHT Summit 2017 last week in London. Titled “GDPR and the Supplier IT Risk Landscape” the panel offered some interesting insight into the impacts of GDPR from the perspectives of an IT…
23rd October 2017
A few thoughts on the “Evidence Sharing Network” model. I’m pleased to say that the seven key steps for establishing a cost-effective Third-Party risk management (TPRM) program are definitely beginning to resonate. However, as normal, priorities and resources are naturally focused on daily tasks, keeping risk management at a secondary level of importance and diverging…
15th August 2017
A few thoughts on Small Supplier Risk Assessments – Every supplier represents a potential security risk to your organisation. Whether it’s a small specialised law firm, a local value added reseller delivering technology and providing services, a consultant dedicated to your industry, or an off shore Web developer, it’s important to understand those risks –…
5th July 2017
Evaluating Cloud Risk. In the past five years, we have seen tremendous changes in technology, personnel and business practices. Cloud has now become the de-facto industry model for providing computing services. Mobile has become the most common model for accessing data. Cloud platforms are managing billions of Internet of Things (IoT) devices daily, and new…