If you’re a regulated organization, you likely already understand that you should be asking many of your vendors for a SOC report, especially your critical or high risk vendors.  

Unfortunately, a reality that we’re living in is that it’s likely that a breach will happen at some point. So, it’s important to prevent and be prepared.

A few years ago, the New York Department of Financial Services (NYDFS) released survey results giving us more insight regarding many bank’s cybersecurity preparedness. The NYDFS surveyed 40 [...]

A bridge letter, also known as a gap letter, is made available by the service organization (your vendor) to cover a period of time between the reporting period end date of the SOC report and the [...]

Requesting a SOC report from your vendor is an important step to validate that the proper controls are in place at that company, and if not, to give you the opportunity to request your vendor [...]

With the increase in cybersecurity breaches, it’s critical to monitor and fully understand your vendor’s information security posture in order to protect the company from unnecessary risk. There [...]

The purpose for the creation of the SSAE 18, in May 2017, was to clarify the auditing standards and to reduce duplication within similar standards covering examinations, reviews and agreed-upon [...]

Business continuity planning allows for businesses to ensure that their key operations, products and services continue to be delivered either in full or at a predetermined level of availability. [...]

Complementary User Entity Controls (CUECs), also known as User Control Considerations (UCCs), are controls that the vendor has included within its system and rely on the user entity (you) to [...]

A few weeks ago, on April 24, 2018, the Securities and Exchange Commission (SEC) fined Altaba, Inc., aka Yahoo, $35 million for a massive data breach that impacted around 50 million users in 2014. 

We know your organization is more than likely investing in their cybersecurity program to take precautions and prevent unnecessary breaches, but are your third and fourth party vendors?

It’s [...]

As part of your vendor due diligence, you should be spending time on cybersecurity. To help you out, I've got 10 tips

October being National Cybersecurity Awareness Month reminds us to take a look at vendor cybersecurity.