Get insights about the industry and gain knowledge from our experts
NIST has authored two industry standards that deal with identifying, assessing and managing supply chain risk. Here's an overview of the NIST guidelines pertaining to third-party risk and how Prevalent can help.
Calculating inherent risk is more involved than asking a few onboarding questions before even engaging with the vendor. Know the difference between inherent risk and profile risk. Read the best practice here.
When Marriott acquired Starwood in 2016, the company inherited a compromised reservation system platform that resulted in lawsuits and reputational damage.
Prevalent’s Third-Party Risk Management platform offers a complete framework for implementing policy management, auditing and reporting related to the third-party risk requirements of ISO 27001, 27002 and 27018.
Research from TechValidate proves that customers choose Prevalent Third-Party Risk Management for visibility, automation and scale.
In 2013, attackers used a third-party vendor’s access to compromise Target’s network and steal sensitive customer information. This blog reviews the Target breach’s background and what today’s third-party risk management practitioners are still learning from this breach.
Agencies that make up the FFIEC prescribe best practices and a standardized approach for all field examiners conducting audits. Financial institutions should use these as a blueprint when preparing for an examination.
Easily compare TPRM solution capabilities with this industry-standard request for proposal template.
Complying with HIPAA legislation requires a complete, internal view of third-party security and privacy controls, something that simply can't be addressed with an external scan.
The EBA Guidelines set out the internal governance arrangements that credit, payment, and electronic money institutions should implement when outsourcing internal services, activities, or functions. The guidelines became effective on September 30, 2019.