Security Compliance


Mastering Third-Party Risk

Bill Bonney, Chris Forbes, Gary Hayslip, Dr. Andrea Little Limbago, and Matt Stamper bring together a wealth of expertise from across the risk management spectrum, forming an ideal team to address the complex and urgent challenges of third-party risk. Drawing on their collective experience as practitioners, consultants, and researchers, they deliver a rich blend of insights that both inform and motivate. Their guidance spans philosophical concepts, practical steps, and technical details, equipping you to design a third-party risk management program that is robust, forward-thinking, and goes beyond mere regulatory compliance. Mastering Third-Party Risk: A Practical Handbook for Managing Vendor, Third-Party, and Supply Chain Threats in Every Organization empowers you to proactively manage risks, enhance your supply chain, and prepare for emerging threats.

Third-party risks that are the result of relationships external to our organizations grow greater and more complex as the number of third parties we deal with grows and the complexity of our supply chains increases. In the ever-expanding and rapidly evolving global marketplace, supply chain management (SCM) has become increasingly critical for businesses of all sizes. SCM is a necessary lifeline for organizations that depend on external providers for their products, services, intellectual property, and integration of extended partner networks. As supply chains become increasingly complex, often spanning multiple countries, they become more vulnerable to geopolitical risks and logistical challenges. Unplanned events, such as natural disasters, supplier bankruptcies, trade disputes, and cyberattacks, can lead to significant operational disruptions and economic losses and have profound implications for a company’s financial stability. This book provides a thorough treatment of third-party risk, whether you’re dealing primarily with regional vendors or a complex global supply chain.

Table of Contents

Mastering Third-Party Risk

A Practical Handbook for Managing Vendor, Third-Party, and Supply Chain Threats in Every Organization

Section 1 – Foundations of Third-Party Risk Management (Chapters 1-3)

In the first section, “Foundations of Third-Party Risk Management,” we cover the key governance foundations of third-party risk management (TPRM). Section one lays out governance principles such as charters, policy, roles and responsibilities, and required resources, along with some of the fundamental tools needed to successfully manage your program.

Section 2 – Operational Considerations for Third-Party Risk Management Programs (Chapters 4-7)

In Section two we go through the operational ecosystem that makes up the tasks and risk considerations of TPRM. We methodically dissect the TPRM lifecycle, beginning with bringing new third parties onboard, including the due diligence necessary to do that safely. We also discuss the day-to-day operations and continual risk mitigation required to manage third-party risk. We then look at how to respond when incidents occur within your third-party portfolio and finally, how to safely offboard terminated third parties.

Section 3 – Managing and Optimizing (Chapters 8-10)

In Section three we begin to examine the external factors that impact the supply chain and provide a methodology for optimization. First, in Chapter 8, we provide a comprehensive analysis of how global supply chains have transformed in response to recent disruptions and geopolitical shifts. Then in Chapter 9, we present a comprehensive framework for optimizing supply chain risk management (SCRM) programs, emphasizing the need for practical, agile, and financially sound approaches that align with business objectives and resilience goals. Finally, in Chapter 10, we examine the growing and intertwined risks of sustainability, climate change, and third-party (vendor) management. Whether or not companies take a stance on combating climate change is irrelevant to the impact that these changes will have on them, their suppliers, and their customers.

Section 4 – Legal and Regulatory (Chapters 11 and 12)

In Section four we do a deep dive into the legal and regulatory frameworks that inform how we operate our third-party risk management programs. We start in Chapter 11 by examining the critical legal aspects of Third-Party Risk Management (TPRM), emphasizing the importance of thorough, well-crafted contracts and the necessity of close collaboration among legal, security, and operational teams. We also look at how the shifting international regulatory landscape has created a very dynamic and fluid set of requirements that demand continual diligence. Then in Chapter 12, we look at the specifics of regulatory action and what it directly means for your programs.

Section 5 – Supply Chain Risks (Chapters 13 and 14)

In Section five we begin in Chapter 13 by unpacking a holistic, adaptive approach that blends rigorous methodologies, advanced technology, cross-functional collaboration, and continuous improvement to anticipate, mitigate, and respond to the full spectrum of supply chain risks. In addition to the analytical approach, we also demonstrate the value of building a strong risk culture, fostering communication, and integrating risk management with business strategy. In Chapter 14, we finish Section 5 and the book by exploring the rapidly evolving landscape of artificial intelligence (AI) and its profound impact on third-party risk management.

Data Privacy

The topic of privacy has become a priority for boards of directors, the executive leadership team, and privacy and security leaders alike. Regulations including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and sector-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) all impose specific handling requirements on personal data, personal information, personally identifiable information, and protected health information. Security and privacy are intertwined. As the saying goes, you can have security without privacy, but you cannot have privacy without security. Privacy, like security, is a multi-disciplinary domain that requires insight and collaboration across a host of corporate functions, including sales and marketing, legal, IT, HR, and security, among others. Like security, privacy has ascended to a C-level function, and the consequences of poor privacy practices include damaged reputation, regulatory intervention (e.g., a consent order), fines and other financial impacts, and, of course, data breaches when sensitive information is not adequately secured throughout its lifecycle.

The order of the essays within each chapter follows the arc of the authors’ differing backgrounds and perspectives. David Goodman’s essays lead off most chapters and provide a high-level view reflecting his background as a consultant and analyst in the areas of identity, cybersecurity, and privacy. For those who want to understand why we’re covering a particular topic and how it might affect your firm, David’s essays provide the perfect grounding. Justine Phillips’s essays usually come next, and her perspective from her privacy practice at DLA Piper provides context that only someone guiding clients through the legal aspects of data breach preparedness and response can bring. Her review of regulations from a lawyer’s perspective and her practical advice based on case law are invaluable. Finally, Matt Stamper’s essays finish most chapters. His experience as a cybersecurity and privacy leader, analyst, and practitioner provides the deep technical context to help privacy professionals dive deeper as needed. Taken together, the three perspectives provide unmatched insights for assessing or building your data privacy program.

Table of Contents

Data Privacy Program Guide

How to Build a Privacy Program that Inspires Trust

Section 1 – In Pursuit of Privacy (Chapters 1 and 2)

In the first section, “The Pursuit of Privacy,” we examine why we value privacy as individuals and the value of a privacy program to your company. Although this book primarily focuses on building and managing privacy programs, we believe it is essential to make the case that a privacy program has value for companies because privacy has value to us as individuals.

Section 2 – Preparing the Program (Chapters 3-8)

In Section Two, “Preparing the Program,” we unpack six essential considerations to keep in mind as you construct or evaluate your privacy program. In Chapter 3, “The Role of the CPO/DPO,” we start with the role of the privacy leader in your organization, often referred to as the Chief Privacy Officer or Data Protection Officer. Then, in Chapter 4, “Elements of a Privacy Program,” each author outlines what they consider the critical elements of a privacy program. In Chapter 5, “Privacy Technology,” we dive into the role technology plays, both in creating the data we need to protect and in offering that very protection. The last three chapters in this section cover the data privacy lifecycle (Chapter 6), global privacy regulations (Chapter 7), and the key concepts of Privacy by Design (PbD) (Chapter 8).

Section 3 – Risk Assessments (Chapters 9-11)

Chapter 9, “Data Classification and Discovery,” will look at identifying the data elements that privacy leaders are most concerned with and how to manage and reduce the associated risk. In Chapter 10, “Vendor Risk Management,” we continue the assessment and risk reduction theme by first identifying the types of third-party relationships that bring elevated risk and then reviewing processes and tools that can be helpful in reducing risk. Finally, in Chapter 11, “Reasonable Security,” we provide guidance you can use to get the most out of your partnership with the security team.

Section 4 – Making it Happen (Chapters 12 and 13)

Employees are often not trained in every task their job requires until they encounter the need to perform it. However, turning a consumer’s request to exercise their privacy rights into a data breach is the privacy equivalent of an own goal, so these are not tasks to learn on the fly. While there is more to data breach response and handling data subject access requests than training, as we discuss in Chapters 12 and 13, we must have the business processes in place to activate the appropriate response when triggered. Though these are new disciplines, they build upon processes we have years of experience with.
