Third Party Risk Management


Presented by: Sam Pfanstiel, CISSP, CISM, QSA(P2PE), ETA CPP, Solution Principal, Coalfire Systems

Every business relies on third parties to conduct business. Some may provide information technology services, some may not. All of them are electronically connected to your business.

Today, most organizations have relationships with dozens, hundreds or even thousands of suppliers, vendors, service providers, contractors, and subcontractors. When a company enlists these third parties, it entrusts its operations, brand and data to the supplier.  But it doesn’t shed any of its data security obligations. Indeed, the PCI DSS, data privacy laws and multiple regulatory agencies are clear on this: enterprises must ensure that the data security standards of their vendors are consistent with their own, and they are potentially held liable themselves when those third parties suffer security lapses.

In recent years, the number of cyber security incidents originating from outside vendors has increased dramatically. Recent data breaches demonstrate just how much companies could be impacted by third-party security vulnerabilities. Thus, third-party risk oversight has become a key strategic priority.

Based on this experience, Sam Pfanstiel, Solution Principal and Coalfire’s representative on the Conexxus Data Security Standards Committee, will deliver a presentation on Third-Party Risk Management. Webinar attendees will learn:

  • Why TPRM matters to every enterprise
  • The TPRM requirements articulated in PCI DSS v3.2
  • Best Practices, Recommendations, and Resources for establishing an effective TPRM program