Vendor Information Security and Privacy Management

Rebecca will cover:

• Legal requirements for ensuring sound vendor security and privacy practices
• The risks involved with outsourcing
• How to mitigate those risks
• How to ensure the vendor complies with regulatory responsibilities
• How to demonstrate to regulators that you are in compliance when someone else possesses your data

Background

Outsourcing is becoming commonplace. When you entrust vendors, and other types of third parties, with your institution’s confidential data, you are placing all control of security and privacy measures for your organization’s data completely into their hands. That trust cannot be blind. Many recent security incidents and privacy breaches have resulted from inadequate security practices within outsourced organizations handling another company’s customer or employee data.

When appropriately managed, such third-party arrangements can assist organizations in attaining strategic objectives. Understanding the importance of managing the potential risks that can exist with these arrangements is important.

Vendor / third party information security and privacy management is a growing concern.  Multiple regulatory agencies, such as the FDIC, NCUA, and the OCR, have identified it as a key factor in upcoming examinations and audits. This turns up the heat on organizations to understand how information is secured when in the hands of third-party service providers.

This session will cover the key points of what organizations should know about the risks involved with entrusting business processing, operations and data handling to third parties and actions to take to mitigate those risks.