Vendor risk management webinar 10022019 v1
•1 j'aime•291 vues
Signaler
Partager
Télécharger pour lire hors ligne
Organizations response to vendor risk management from their customers is a task that is increasingly taking valuable time and resources for already busy security/compliance experts. In the webinar, ControlCase will cover the following: What is being done currently to respond to vendors How to make vendor management responses to customers more efficient Technologies that can help in making the process better How can ControlCase assist customers in this endeavor through it Continuous Compliance offering Q&A
Contenu connexe
Tendances
Tendances(20)
Similaire à Vendor risk management webinar 10022019 v1
Similaire à Vendor risk management webinar 10022019 v1(20)
Plus de ControlCase
Plus de ControlCase(14)
Dernier
Dernier(20)
Vendor risk management webinar 10022019 v1
- 1. © 2019 ControlCase All Rights Reserved Your IT Compliance Partner – Go Beyond the Checklist Vendor Response Management
- 2. © 2019 ControlCase All Rights Reserved Our Agenda 2 4 2 3 Your IT Compliance Partner – Go beyond the checklist ControlCase Introduction About Vendor Risk Management Common Challenges Techniques To Increase Efficiencies Why ControlCase5 1
- 3. © 2019 ControlCase All Rights Reserved ControlCase Introduction1
- 4. © 2019 ControlCase All Rights Reserved ControlCase Snapshot 4 Certification and ContinuousCompliance Services Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies • Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1000+ Clients 300+ Security Experts 10,000+ IT Security Certifications
- 5. © 2019 ControlCase All Rights Reserved Solution 5 Certification and Continuous Compliance Services Automation -DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.” Security and Compliance Manager, Data Center
- 6. © 2019 ControlCase All Rights Reserved Certification Services 6 OneAudit – Collect Once, Certify Many PCI DSS ISO 27001 & 27002 SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST 800-53 PCI PIN PCI PA-DSS SCA PCI 3DS “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” Sr. Director, Information Risk & Compliance, Large Merchant Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
- 7. © 2019 ControlCase All Rights Reserved About Vendor Risk Management2
- 8. © 2019 ControlCase All Rights Reserved Vendor Risk Management 8 Vendor risk management is the process organizations use to understand the risks that exist and the risks that they assume due to their business relationships with third-party vendors. Vendor risk management is now a standard practice As a result, organizations are increasingly required to respond to their customers requests 59% of companies experienced a third-party breach in 2018 (Ponemon Survey) – which costs millions of dollars and reputational damage to large companies
- 9. © 2019 ControlCase All Rights Reserved Common Process Used To Manage Vendors 9 Register/Inventory vendors Categorize vendors Map controls to categories Create vendor risk assessment questionnaire Create master control checklist Distribute questionnaire to vendors Analyze responses and attachments Track exceptions to closure Provide a Data Security Rating
- 10. © 2019 ControlCase All Rights Reserved Common Challenges3
- 11. © 2019 ControlCase All Rights Reserved Current Status 11 Organizations receive multiple vendor risk questionnaires from their customers Each customer uses their own templates, processes and requirements - making it challenging to respond to all customers in a timely manner Vendor response management is being done manually. Vendor Response Management is increasingly taking valuable time and resources for already busy security/compliance experts.
- 12. © 2019 ControlCase All Rights Reserved Common Challenges to Vendor Response Management 12 Time • The process of responding to vendor risk management is time consuming. Resources • Lack of resources to manage the process. Cost • Cost of hiring additional resources and complying to multiple regulations. Risk of Business Loss • Risk of loosing business if you cannot comply with customer process
- 13. © 2019 ControlCase All Rights Reserved Techniques To Increase Efficiencies5
- 14. © 2019 ControlCase All Rights Reserved Multi-Threaded Approach 14 Continuous Improvement Identify Common Categories Create Repository Integrate IT Assessments with Vendor Response Process Have “Standardized” Verbiage
- 15. © 2019 ControlCase All Rights Reserved Identify Common Categories 15 Scoping Anti-Malware Application Security BCP/DR Change Management Configuration Management Data Encryption At Rest Data Encryption In Transit Governance And Compliance HR Incident Response Logging & Monitoring Logical Access Network Physical Security Policies & Procedures Privacy Processing Integrity Risk Assessment Security Testing Third Party Management
- 16. © 2019 ControlCase All Rights Reserved Create Repository for “Single Assessment Data & Responses” 16 16
- 17. © 2019 ControlCase All Rights Reserved Integrate Vendor Response Management With Assessments 17 Consolidated Repository for all assessment data • Consolidated Repository • Using Technology and Integrated Checklist HIPAA Assessment PCI DSS Assessment Deliverables a. HIPAA Assessment Report b. PCI DSS Report on Compliance c. Vendor Responses Vendor Responses
- 18. © 2019 ControlCase All Rights Reserved Standardized Verbiage (Examples) 18 “ControlCase tests its annual BCP/DR plan semi-annually. The last time it was tested was July 15, 2019” “ControlCase protects all PII related to its credit card processing system using AES-256 encryption” “ControlCase performs monthly vulnerability scanning. The last scan on July 5, 2019 found 2 medium and 1 low risk vulnerabilities. These were corrected and retested on July 12, 2019. New scan results verified that the vulnerabilities were addressed appropriately”
- 19. © 2019 ControlCase All Rights Reserved Why ControlCase5
- 20. © 2019 ControlCase All Rights Reserved Multi-Threaded Approach 20 Vendor Responses Skilled personnel to document responses Technology/Dataroom for IT Responses integrated with IT Assessments Process that includes automation to collect and maintain evidence
- 21. © 2019 ControlCase All Rights Reserved ControlCase Vendor Response Management Solution 21 01 02 0304 STEP 2 Questionnaire completed Small/Medium questionnaire (3 business days) Medium/Large questionnaire (5 business days) STEP 3 Document Quality Assurance (2 business days) REPEATABLE PROCESS PHASE 4 Delivery within defined SLA STEP 1 Assessment Received and Assigned
- 22. © 2019 ControlCase All Rights Reserved ControlCase Certification Outcomes 22 “It’s a challenge keeping up with the changing compliance landscape. Given that we had GDPR and now the California data privacy law, not to mention HIPAA and others, there are a lot of regulations and frameworks to keep up with and a lot of time spent preparing for audits. That puts a lot of overhead and strain on me and my team. We just don’t have the expertise or time to keep up. Before ControlCase “We cut audit prep time by 70% using ConrolCase. It was their partner approach to us; a combination of their expertise, their responsiveness and automation. They brought us great ideas on how to streamline our process, and we were able to take advantage of automated data collection. And, their IT Compliance Portal gave us visibility throughout the entire process. Another thing - We don’t look at compliance as a once a year event, and now, with ControlCase’s Continuous Compliance services, we have the visibility into what’s in compliance and what’s not all year long. We can quickly remediate an issue before it becomes a security threat.” With ControlCase Cut audit prep time by 70%
- 23. © 2019 ControlCase All Rights Reserved Summary – Why ControlCase 23 “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.” Dir. of Compliance, SaaS company Your IT Compliance Partner – Go beyond the auditor’s checklist Partnership Approach SkyCAM IT Compliance Portal Automation driven Continuous Compliance Services
- 24. © 2019 ControlCase All Rights Reserved Email contact@controlcase.com Telephone Americas +1.703-483-6383 India: +91.22.50323006 Social Media Conection Suport www.facebook.com/user www.linkin.com/user Visit our website www.controlcase.com THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM
Notes de l'éditeur
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Arm you with the data and reports that make sense to business executives and tie to business goals
- Partnership Approach – Proactive expertise, responsive support and new, innovative ideas to streamline and improve compliance Right mix of size and responsiveness - We’re big enough to provide comprehensive compliance services, but agile enough to deliver responsive client care and support Automation-Driven – Take advantage of automation to cut time and costs and improve efficiencies in becoming certified and maintaining compliance ControlCase IT Compliance Portal Automated evidence collection – on prem or in the cloud Real-time Certification Dashboard AI-powered Predictive Compliance Go beyond monitoring and alerting to predict, prioritize and remediate compliance risk before they become security threats GRC Platform integration Continuous Compliance – Use ControlCase’s continuous compliance services to maintain compliance continuously in between annual certification efforts, because point-in-time, snap-shot compliance doesn’t effectively keep your company compliant or secure Predict, prioritize and remediate compliance risks before they become security threats