Third-party risk remains a core governance challenge for most organizations. Regulations including HIPAA-HITECH, the EU's GDPR, GLBA, and others require organizations to appropriately evaluate the risk posed by service providers and other third parties.
Unfortunately, current third-party risk management practices rarely scale and require new approaches. Our panelists bring a broad, multi-disciplinary/multi-industry perspective on how to re-think third-party risk. Some of the questions that will be addressed during this moderated discussion include:
Value of standardized questionnaires and onboarding processes for third parties
Value of independent audits and assessments (e.g., SSAE 18, SOC 2, PCI DSS, ISO) and their role in third-party risk management
Onsite Risk Assessments - how to effectively plan and execute
Ongoing monitoring - tools and processes
Contracting with third parties
Termination of relationships and data decommissioning