
What to Review in a Third-Party Incident Response Plan

CPE Credit Eligible

Podcast Transcript

Hi – this is Abbe with Venminder.    

In this 90-second podcast, we’ll talk about some of the top things to review in a third-party incident response plan. 

Here at Venminder, we have a team of certified industry experts who are knowledgeable in evaluating vendor incident response plans.

It’s important to realize that third-party data breaches and incidents can occur to any vendor, at any time. While prevention is vital to mitigating the risk of data breach and lessening the negative impact, it’s equally important to understand how your vendor will respond to an incident when it happens.

Here are four things to review within your third-party’s incident response plan:

First, your third-party’s notification timeline to understand how quickly they’ll notify you in the event of an incident. Regulatory guidelines vary depending on the state and industry, so it’s important that your third-party’s notification timeline is compliant.

Second, determine your vendor point of contact. They should provide your organization with regular status updates regarding any breach. This can help prevent any miscommunication or delays that may arise during an incident.

Next, the incident response plan should clearly define the actions your third party will take to investigate and remediate the breach to prevent future events from happening.

And finally, the plan should include documented steps for the classification for incidents, containment, eradication, return to normal and postmortem.

Now you have a better idea of what to review in your third-party incident response plan. A data breach can have serious consequences, so it’s important that your third party responds in a timely and effective manner.

Hope you found this podcast insightful. Thanks for tuning in; catch you next time!  
