James T. Shreve Discussed "Don’t Forget Your Third Parties: Assessing and Governing Their Risks" at IAPP Privacy. Security. Risk. 2017
The IAPP is the largest and most comprehensive global information privacy community and resource.

After the Target breach, there is little doubt that your third parties can cause a data breach for your company, oust the CEO, and negatively impact the entire company and its goodwill. Contracts are necessary, but not sufficient, to control and mitigate this third-party risk. To really mitigate risks, you must have in place a robust and holistic program designed to assess all types of security, compliance, and privacy risks. This presentation and panel discussion helped attendees understand how to establish an information assurance program that reviews vendors, contracts, and internal business lines. The session showed how to determine what the risks are, whether the controls are adequate, and how these risks should be governed in your organization. It is possible to control many third-party risks, but only if they are identified ahead of time through a well-run assurance program.