On top of that, most orgs ask their vendors to maintain a level of security that said orgs can't follow themselves.
Amidst the Equifax breach, orgs will look to insert more vigor into their third-party review process, though few, if any, continuously monitor the security of their business ecosystem.
Instead of spending cycles completing matrices / spreadsheets, firms should invest in the following:
- A vulnerability scan / penetration test (of limited scope) before any legal documents are executed.
- A remediation plan should be agreed upon too.
- A continuous monitoring / assessment agreement to ensure governance during the course of the contractual agreement.
- Recurring audits / spot checks on the security governance established / expected.