What NY CRR 500 Means for Vendor Compliance Management

by Sarah Harvey / December 16, 2022

NY CRR 500 and Vendor Compliance
In March 2017, the New York State Department of Financial Services Cybersecurity Requirements Regulation for Financial Services Companies Part 500 (NY CRR 500) of Title 23 went into effect, establishing new cybersecurity requirements for financial services companies. NY CRR 500 requires that financial services companies (covered entities) develop a cybersecurity program that protects the confidentiality, integrity, and availability of sensitive customer information and information…

What to Look for in a Quality Vendor

by Sarah Harvey / June 15, 2023

Vendor Compliance
Most organizations utilize third-party vendors to assist them in fulfilling their business needs because they just can’t do it all themselves. These vendors play a critical role in allowing organizations to sustain their business, but they can also be a liability for a company. Why? Because if a third-party vendor isn’t properly vetted, they can pose a major risk to an organization. Let’s say that your organization is…

What to Ask Your Vendors About GDPR Compliance

by Sarah Harvey / December 16, 2022

Are Your Vendors Data Processors?
Vendor compliance management is a key starting point towards GDPR compliance. When your organization is deciding whether to use a vendor as part of your GDPR compliance efforts, you must follow GDPR vendor (processor) compliance management best practices. As a controller, you determine the purpose and means for processing personal data. You have authority and decision-making over personal data and take on the responsibilities of…

Been Breached? How to Report Consumer Risk with a Risk Assessment

by Benjamin Wright / April 12, 2023

Using a Risk Assessment to Report Consumer Risk
Because there are so many different laws that regulate how and when an organization must give notice if it has had a data security breach, understanding what the correct plan of action is for your organization or determining how to report consumer risk from breaches might be daunting. Nevertheless, the laws do have one major commonality: does the consumer suffer a…

7 Deadly Breaches of 2018 (So Far)

by Sarah Harvey / December 16, 2022

With the complexity of the current threat landscape, organizations must be more alert than ever to potential data breaches. Who will be next? What happened? What will the fine be? While we’re only midway through 2018, we’ve seen headline after headline from organizations who have come forward to notify their customers of breaches. Let’s take a look at some of the top data breaches of 2018 to learn what went…