How to Read Your Vendor’s SOC 1 or SOC 2 Report

by Sarah Harvey / June 13, 2023

Most organizations outsource some aspect of their business to vendors, whether it’s to perform a specific, integral task or replace an entire business unit. Vendors can be in roles like customer support, financial technology, record storage, software development, or claims processing. Using vendors can further an organization’s business objectives, enable them to function more effectively, and may be more cost-efficient. With all these opportunities, organizations must remain aware of the…

GDPR Fundamentals: The Basics of the Law

by Mark Hinely / April 5, 2023

Have you been clicking “Accept” on a lot more sites asking for consent to use cookies? Did you receive a flood of updated privacy policies from brands you are subscribed to? Have you noticed that companies who’ve been recently breached are giving out a lot more information about the event than they normally would? There is a reason for all of this, and it’s GDPR. What is GDPR? Born…

GDPR Readiness: How GDPR Impacts Privacy Policies

by Sarah Harvey / July 12, 2023

Privacy Policies and GDPR

Since GDPR has become enforceable, the impact of the law on privacy policies has been quite noticeable. Did you receive an influx of emails from your favorite companies notifying you of updates to their privacy policies? In an effort to create GDPR-compliant privacy policies, many organizations rushed to meet the May 25th, 2018 enforcement deadline. But what are some of the mistakes these companies are making while…

What NY CRR 500 Means for Vendor Compliance Management

by Sarah Harvey / December 16, 2022

NY CRR 500 and Vendor Compliance

In March 2017, the New York State Department of Financial Services Cybersecurity Requirements Regulation for Financial Services Companies Part 500 (NY CRR 500) of Title 23 went into effect, establishing new cybersecurity requirements for financial services companies. NY CRR 500 requires that financial services companies (covered entities) develop a cybersecurity program that protects the confidentiality, integrity, and availability of sensitive customer information and information…

What to Look for in a Quality Vendor

by Sarah Harvey / June 15, 2023

Vendor Compliance

Most organizations utilize third-party vendors to assist them in fulfilling their business needs because they just can’t do it all themselves. These vendors play a critical role in allowing organizations to sustain their business, but they can also be a liability for a company. Why? Because if a third-party vendor isn’t properly vetted, they can pose a major risk to an organization. Let’s say that your organization is…