Available in:

OnDemand Course

Risk-Based Vendor Management Fundamentals

Examine the cutting-edge issues in designing and executing privacy and security risk assessments.

This topic will focus on the fundamentals of creating and implementing a risk-based vendor management program designed to address the increasing threat of cybersecurity incidents. The risk to the privacy and security of an organization's sensitive, personally identifiable, proprietary, and financial information continues to grow as cybersecurity attacks become more sophisticated. A growing number of these attacks occur through third parties, vendors, service providers, or the supply chain. Traditional vendor management programs may not be adequate for identifying and minimizing these risks. We will take a look at the threat landscape, review basic elements of a cybersecurity-focused vendor management program, identify best practices, and discuss program ownership and available resources. Whether your organization purchases software products, connected devices, or SaaS; outsources services; or engages managed service providers, this information will help you create or update your vendor management program to address cybersecurity risks posed by third parties, vendors, service providers, or the supply chain.

58 minutes
Course Exam
Certificate of Completion
Purchase Options

Add to Wishlist

More Program Information

Why Lorman?

Over 37 years and 1.4 million customers worth of experience providing continuing education. Our passion is providing you world-class training to help you succeed in business and as a professional.

Agenda

Risk-Based, Cybersecurity-Focused Vendor Management and Why Organizations Need It

  • The Cybersecurity Threat Landscape
    • Understanding Cybersecurity Risks Posed by Third Parties, Vendors, Service Providers, and the Supply Chain
    • The Potential Impact on Organizations
  • Regulatory and Contractual Compliance Obligations

Assembling an Interdisciplinary Vendor Management Team

  • Identifying Appropriate Stakeholders
  • Identifying Team Responsibilities
    • Creating or Updating a Cybersecurity-Focused Vendor Management Program
    • Monitoring Internal Program Compliance
    • Auditing Third-Party Compliance
    • Performing Vendor On- and Offboarding
    • Assuming Responsibility for Vendor Communications, Data Breach Response
    • Identifying Appropriate Method of Performance: Manual, Automated

Developing an Appropriate Risk-Based Vendor Management Program

  • Creating a Third-Party, Vendor, and Service Provider Inventory
  • Identifying Regulatory and Contractual Compliance Obligations
  • Identifying Potential Risks to Data and Systems; Assign Risk Levels
  • Creating Scalable Standards
  • Creating Risk Assessment Questionnaire
  • Developing Internal Policies and Procedures for Implementing, Reviewing, and Monitoring the Program

Performing Due Diligence

  • Assessing and Evaluating Responses to Risk Assessment
  • Conducting Onsite Audits
  • Obtaining Required Certifications
  • Validating Vendor Representations

Executing Vendor Contracts

  • Drafting Contractual Obligations
    • Addressing Reasonable Safeguards
    • Allocating Risk
  • Performing Internal Contract Management
  • Reviewing and Updating Contracts as Necessary

Best Practices

  • Maintaining Documentation of Risk Assessments and Supporting Documents
  • Limiting Vendor Access to Data and Systems
  • Implementing Internal Incident Response and Business Continuity Plans
  • Segmenting Systems
  • Monitoring Vendor's Cybersecurity Controls
  • Training Internal Staff
  • Minimizing Data Collection; Adhering to Appropriate Data Retention Schedules
  • Assembling a Truly Interdisciplinary Team

Available Resources

Credits

OnDemand Course

This course was last revised on October 18, 2021.

Call 1-866-352-9540 for further credit information.

This program does NOT qualify, nor meet the National Standard for NASBA accreditation.

Faculty

Mary T. Costigan

Jackson Lewis P.C.

  • Member of the Jackson Lewis PC Privacy, Data and Cybersecurity Practice Group
  • Advises multinational, national, and regional companies on emerging data privacy and cybersecurity issues, laws, and regulations
  • Practice also includes assisting clients with responding to cyber incidents, including ransomware attacks and business email compromises
  • Certified information privacy professional/US with the International Association of Privacy Professionals
  • Writes and speaks frequently on a variety of data protection issues, including on the Jackson Lewis Workplace Privacy Report blog
  • Recent webinars and presentations topics include ransomware, business email compromise, the California Consumer Privacy Act, the intersection of workplace DEI and data privacy, hot topics in UK and EU data protection law, HR’s role in data protection, and cybersecurity updates, reasonable safeguards, and best practices

All of your training, right here at Lorman

Pay once and get a full year of unlimited training in any format, any time!

  • OnDemand Courses
  • Live Webinars
  • MP3 Downloads
  • Course Manuals
  • Executive Reports
  • White Papers and Articles

Additional benefits include:

  • State Specific Credit Tracker
  • All-Access Pass Course Concierge

Questions? Call 877-296-2169 to speak with a real person.

Access to all training products for one year
$699/year

Unlimited Lorman Training

With the All-Access Pass there is no guessing what you will need for your yearly training budget. $699 will cover all of your training needs for an entire year!

Easy Registrations

Once you purchase your All-Access Pass you will never be any further than one-click away from attending any Lorman training course.

Invest in Yourself

You haven't gotten to where you are professionally by luck alone; it's taken a lot of hard work and training. Invest in yourself with the All-Access Pass.

Product ID: 408817
Published 2021

Available in Multiple Formats

Purchase this course and learn on your schedule!