Sage Advice - Cybersecurity Blog

Andy Chandler

Recent Posts

Vendor Management Best Practice for Non-Regulated Industries

Many of the recent cyber attacks in the news have something in common. A third-party vendor or affiliate is involved. Proper oversight of these third parties is an essential element of your institution’s cyber resilience strategy.  You can outsource the function, but never the responsibility.

Read More

Topics: Vendor Management

Vendor Management - Tips for Creating a Vendor List

You already know who your critical vendors are, right? But do you know all your vendors? If a regulator were to walk into your office and ask about Vendor Z, are you confident enough in your documentation that you’ll be able to explain Vendor Z to them?

Even though you have a handle on your critical vendors, it’s often the “minor” vendors that get us in trouble. If the regulators hear you say, “I’m sorry, I don’t know who Vendor Z is, but I’ll find out for you,” it makes them wonder if you really have a firm grasp on your Vendor Management program.

Read More

Topics: Compliance, Vendor Management