According to the Ponemon Institute, one in five data breaches is caused by a lack of proper third-party vetting. Many of these breaches have been massive, exposing the data of millions of consumers and receiving extensive media coverage. Despite these incidents, many organizations have failed to invest in adequate vendor risk management programs.
As the reliance on third parties becomes greater, the urgency to address this risk grows. Vendors of all sorts pose a direct risk to the security of your data. Some of the largest breaches in recent years were caused not by IT or financial services vendors, but by HVAC contractors, facilities maintenance contractors and payment systems providers. These breaches have put tremendous public and regulatory scrutiny on the way companies vet the vendors who touch sensitive data.
Focal Point helps clients address this growing frontier in data privacy and security. We have designed and implemented vendor risk management programs for organizations of all sizes. Our team of privacy experts brings this experience to each engagement, designing vendor risk management programs that meet your business needs and secure your assets. These projects often include:
Focal Point follows a proven five-step process, which we tailor to meet the needs of each client.
Each vendor risk management assessment begins with developing a full profile for each of your vendors – classifying each vendor by service, data type, and inherent risk rating.
Focal Point builds a custom risk management framework built around your needs and concerns.
Assessments range in complexity from self-assessment questionnaires to full third-party assessments, depending on the vendor’s inherent risk rating.
We establish and document ongoing risk management practices for continuous monitoring of vendors.
Focal Point creates report dashboards for each audience – executives, business owners, and other team leaders.