CIS Control 15 - Service Provider Management
Description
LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!
Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.
Identify your business needs and create a set of standards that can be used to grade services providers that are being proposed.
Organize and monitor all services providers that are associated with your business. Keeping an inventory of all services providers will enable you to monitor them in case they update their policies.
Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
United States
