- March 21, 2017
- White Paper
Any third party a company does business with can make the company susceptible to a data breach. The challenge is identifying which third parties need information security risk controls and which controls are necessary. This playbook outlines the steps to take – or plays – and sets up the structure for assignment of the various tasks to those in your organization.
Three play sheets that outline key actions, which should be adapted to fit the specific risks you are addressing:
- Third Party Risk Segmentation
- Due Diligence Package
- Control Matrix / Vendor Action Plan