Third-Party Risk Management: When to Accept or Reject Vendor Documentation
Update: 2025-03-27

Description

On a recent episode of GRC Uncensored, host Troy Fine and producer Elliot Volkman were joined by guest Stanley Krochik, a seasoned GRC professional and former city security program manager, to discuss the realities of Third-Party Risk Management (TPRM). The conversation focused on the growing problem of low-quality audits, the difficulty of assessing a vendor's actual security posture from the documentation it provides, and the dilemma risk managers face when deciding whether to accept or reject that third-party documentation.


04:43 The Importance of Third Party Risk Management

05:45 Challenges with Low Quality Audits

07:45 Evaluating SOC 2 Reports

12:55 Issues with Sales-Focused GRC Tools

14:44 The Need for Better Compliance Programs

27:50 High-Risk Vendor Architecture Review

29:07 SOC 2 Reports and Vendor Risk Management

31:50 Challenges with SOC 2 and Auditor Quality

36:49 Financial Impact of Data Breaches

38:10 Differences in Security Between Old and New Systems

47:43 Proactive vs. Reactive Security Measures


Hosted on Acast. See acast.com/privacy for more information.
