10th January 2018
Best Practices for Reducing Third Party Risk
The simple truth is that the security measures organisations put in place are not enough to protect them from threats of Third Party risk. Third Parties can present the greatest area of risk exposure — both for data security and for regulatory compliance. It is much easier for…
3rd January 2018
Understanding the Bar Council GDPR guide and what GDPR means for Barristers, Chambers and Legal Firms
A few thoughts on the Bar Council GDPR guide notes and Third Party Risk compliance. In October 2017 the Bar Council issued a GDPR guide for Barristers and Chambers that outlined the key issues and requirements for regulatory compliance….
18th December 2017
PCI DSS Third Party Risk continued….
In our previous blog (PCI DSS Third Party Risk – Compliance and Liability in an Outsourced Payment Processing model) on the importance of being Payment Card Industry Data Security Standard (PCI DSS) compliant when using a Third Party service provider (TPSP), we highlighted the issue that PCI non-compliant organisations…
18th December 2017
PCI DSS Third Party Risk
The use of Third Party service providers (TPSPs) to process credit card payments is increasingly popular given the cost and operational efficiencies it represents and the perception of short-cutting the costly burden of Payment Card Industry Data Security Standard (PCI DSS) compliance. In this series of blogs we’ll take a…
15th December 2017
A few thoughts on Fourth Party Risk Management.
We all know the drill. It’s time for some annual festivity, frivolity and fake fir trees. Without wanting to sound like the Grinch, there is one thing that doesn’t take a holiday. RISK! We hope that by now the mix of media attention, ICO & GDPR guidelines…
13th December 2017
Shared Assessments, the trusted source in Third Party risk, today released its GDPR Data Processor Privacy Tool Kit, another resource in the “Building Best Practices” series. The GDPR Data Processor Privacy Tool Kit provides preliminary guidance for both data controllers and data processors to effectively evaluate and manage Third Party processor risk under the European Union…
5th December 2017
One Step Ahead of Uncertainty: GDPR and the Supplier IT Risk Landscape
Following DVV Solutions’ participation at ILTA INSIGHT 2017 we are pleased to share the recording of our panel discussion on GDPR and the implications for managing Supplier IT Risk:
Synopsis
Is GDPR a blessing and a curse? There is inevitably a lot of…
4th December 2017
This White Paper from Shared Assessments discusses what Third Party Risk Rating is, what Risk Rating is needed and how an organisation can apply Risk Rating best practices as part of their Third Party Risk Management (TPRM).
Abstract
Risk rating of third party providers is an essential aspect of a comprehensive risk management program. When…
27th November 2017
Blogs 1 and 2 have armed us with a better understanding of the regulatory standards the NIS Directive will demand of regulated organisations and the potential legislative and financial impacts of falling foul of compliance. The attention of OESs and DSPs should therefore start to shift to how to start building a NIS compliant cyber…
27th November 2017
So, we’ve identified what the NIS Directive is and does, what OESs and DSPs are, and whether the Directive will impact you directly. Next we need to look at the expectations and implications of the Directive on the operators of and service providers to essential services. What are the expectations of the cyber security policies…