Managing Third-Party Cybersecurity Risk

Video Transcript

Hi – I’m Josh with Venminder.  

In this 90-second video, you are going to learn 6 best practices for managing third-party cybersecurity risk.  

Having analyzed thousands of vendor cybersecurity documentation and evidence, our information security team highly recommends these to protect your organization from having a weak link vendor. 

One. Ensure you have someone that understands how to assess and monitor a vendor for cybersecurity preparedness and risks. We recommend a CISSP, or someone with many years of IT experience.  

Two. Cybersecurity should be included in your third-party risk management scope. This will enable you to mitigate risk by allowing you to influence the vendor to strengthen their controls and more. 

Three. Ensure cybersecurity due diligence is included as a requirement in your program. Due diligence should include a risk assessment that addresses cybersecurity concerns. 

Four. Determine your methodology to identify the inherent risk from cyber threats at your vendors – before a cyber risk occurs. 

Five. Make sure to document any inherent risk identified and prepare controls to mitigate the risk. 

And finally, six. A SOC for cybersecurity provides a common language for vendors to use in describing their cybersecurity risk management program effectiveness. This is a helpful report you may want to use to compare vendors. 

Remember, you need to be able to trust that your vendor is prepared to prevent, detect and respond to a cybersecurity issue or event.  

Investing time and effort in your vendors to protect your organization is a must in today’s environment. See you next time.