The Supplier Assessment Process

With the introduction of regulations such as the GDPR, organizations must not only monitor their own processes, but are also responsible for ensuring that their vendors can protect the personal data of customers, employees, and prospects. The supplier assessment is a thorough evaluation of your vendors and their data-privacy practices. Carrying out these assessments protects you from partnering with substandard or inadequate vendors and from the potential repercussions of non-compliance. In…

Creating a Third-Party Management Program

So far in our Guide To Data Privacy And Security, we have covered how you can plan and develop your privacy framework, the role policies and procedures play, and how to distribute accountability within your privacy program. In part 4 of our guide, we look at how you can create lasting vendor relationships with a third-party management program. Relationships between your organization and third parties can have a lasting influence on your company’s success. While catering to your customers’ needs is one…

Accountability

Regulations are making organizations increasingly accountable for the data they process, and the trend is unlikely to change. GDPR has not only upped the game when it comes to accountability, making organizations pay (literally) for data breaches or for failing to report them; it has also created new roles with responsibilities related to privacy ownership within organizations and builds consciousness into the…

Privacy Policies & Procedures

In part 1 of our Guide to Data Privacy And Security, we touched on some processes that should be performed, and information you can gather, prior to the development of your privacy program framework, followed by how you can build it. In this installment, Part 2: Policies And Procedures, we explore the “whys” and “hows” of privacy policies and procedures, and the role they play in data privacy.…

The Cybersecurity Maturity Model Certification

Developed by the US Department of Defense (DoD), the Cybersecurity Maturity Model Certification (CMMC) is a new standard for implementing cybersecurity measures across its supply chain and network of contractors. The DoD engages with over 300,000 contracting companies across the Defense Industrial Base (DIB) in the acquisition of technologies, products, and services. To perform their duties, contractors require access to Controlled Unclassified Information (CUI). Prior…

Building Your Privacy Program Framework

Like the Cambridge Analytica scandal and the introduction of Europe’s General Data Protection Regulation (GDPR), the Covid-19 pandemic has reinvigorated the discussion of data privacy and security, once again bringing the issue to the forefront of the business world. In our 8-part guide, we will examine, discuss and share some tips on the different aspects of data privacy and security, beginning with Part 1: Preparing And Building Your Privacy Program Framework. In the first part of our guide, we will be covering how…

The CCPA In 2021

In June 2018, the California legislature passed a landmark privacy bill that created significant new data protection obligations for organizations and new privacy rights for individuals in California. This law became known as the California Consumer Privacy Act (CCPA), the most comprehensive privacy law in the United States to date, designed to give Californian consumers more control over their…

Why Policy Management is Key to Risk & Compliance

Within an organization, policies guide day-to-day processes to fulfill legal and regulatory obligations, while cementing an organizational culture that builds a foundation for success. Today, there are hundreds of internal and external requirements that organizations must satisfy. In this article we will look at how policies fit into an organization, the challenges of policy management, and…

Vendor and Third-Party Risk Management

Outsourcing business operations to vendors and third parties is the new norm. It not only saves organizations money but also increases their operational efficiency. However, vendors and third parties bring risk with them. In this article we will cover the different types of vendor risk and how to mitigate them. What’s the Difference Between…

Mapping PCI DSS to NIST CSF

Today, many organizations are required to comply with various compliance and information security frameworks, such as PCI DSS, NIST CSF, ISO 27001 and SOC 2, to ensure the security of their data. It is becoming increasingly popular for companies to enhance their data security and manage risk more effectively by combining frameworks, such as PCI DSS and the NIST Cybersecurity Framework, to achieve a comprehensive security outcome. PCI DSS: the Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that ensure organizations accepting payment cards handle cardholder data…