SEARCH FOR VENDOR DUE DILIGENCE

Distinguished Magazine - CYBERSECURITY

The Shared Assessments Standard Information Gathering (SIG) questionnaire is a very convenient tool that can be used to assess your vendors. Using this questionnaire reveals the various aspects of their security posture, including whether they have received key certifications proving that they handle their data, such as facilities and payment card information (PCI), in a flexible manner.

You can also learn how they built their entire security program, from boundary protection to access control, and how persistent they are in carrying out regular validations and reviews. If the vendor assessment uncovers security gaps, you will have to take action. The vendor could be required to obtain the necessary certifications, or in-house measures could be devised to make up for the vendor's lack of control. Several options can be considered for any risk raised during the vendor risk assessment.
