Could someone provide insights on the latest industry trends and best practices for incorporating information security provisions in contracts with third-party vendors and suppliers, including cloud service providers, especially when our company shares sensitive data? Also, if there are any process improvement ideas for contract reviews, that would also be helpful. Thank you.

Manager, Cybersecurity in Travel and Hospitality, a month ago
I would highlight data handling and destruction policies, strict SLAs, and automated contract review alerts. For cloud especially, adopting CSA STAR is a good one to consider for your requirements.
Information Security Analyst in Healthcare and Biotech, a month ago

Thank you Pradeep Reddy Sama.

Manager, Cybersecurity in Travel and Hospitality, a month ago

Happy to have conversations around the TPRM topic anytime.

Senior Manager in Software, a month ago
First, specify security requirements like encryption standards, access controls and incident response. Include clauses for compliance with relevant regulations and regular security assessments or audits. It's also crucial to add a data breach notification clause that outlines how quickly vendors must inform you of breaches and their mitigation steps. For contract reviews, create a standardized checklist for security provisions to streamline the process and ensure consistency. Involving your legal and IT security teams early can help identify potential issues.
