Rebecca will cover:
- Legal requirements for ensuring sound vendor security and privacy practices
- The risks involved with outsourcing
- How to mitigate those risks
- How to ensure the vendor complies with regulatory responsibilities
- How to demonstrate to regulators that you are in compliance when someone else possesses your data
Background
Outsourcing is becoming commonplace. When you entrust vendors, and other types of third parties, with your institution’s confidential data, you are placing all control of security and privacy measures for your organization’s data completely into their hands. That trust cannot be blind. Many recent security incidents and privacy breaches have resulted from inadequate security practices within outsourced organizations handling another company’s customer or employee data.
When appropriately managed, such third-party arrangements can assist organizations in attaining strategic objectives. It is important to understand the need to manage the potential risks that can exist with these arrangements.
Vendor and third-party information security and privacy management is a growing concern. Multiple regulatory agencies, such as the FDIC, NCUA, and the OCR, have identified it as a key factor in upcoming examinations and audits. This turns up the heat on organizations to understand how information is secured when in the hands of third-party service providers.
This session will cover the key points of what organizations should know about the risks involved with entrusting business processing, operations and data handling to third parties, and the actions to take to mitigate those risks.
About Rebecca Herold

Rebecca is a widely recognized and respected expert in information privacy, security and compliance. She has been named to the “Best Privacy Advisors in the World” list in every year that Computerworld magazine has released its rankings, and has received many other awards and recognitions. Rebecca has been leading the NIST Smart Grid privacy subgroup since June 2009. Her Compliance Helper service helps healthcare organizations and their business associates meet their HIPAA, HITECH and other information security and privacy requirements. Rebecca has been an Adjunct Professor for the Norwich MSIA program since 2004, and she is working on her 15th published book.