SOC 2 Academy: Managing Vendor Risk
Description: Learn more at https://kirkpatrickprice.com/video/soc-2-academy-managing-vendor-risk/
It’s rare today for an organization to operate without relying on third-party vendors for some part of its business function. From payroll processors to electricians, managing vendor risk is paramount to ensuring that a service organization is secure. Think of it like this: what would happen if a third-party vendor were hit by a natural disaster and couldn’t fulfill a critical function of an organization’s business? What if a third-party vendor hosted all of an organization’s sensitive data and was later breached? It’s happened before, and it will happen again. This is why, during a SOC 2 audit, an auditor will want to validate that organizations comply with common criteria 9.2. They’ll verify compliance using the following points of focus as a guide.
- Does the entity establish requirements for vendor and business partner engagements?
- Does the entity assess vendor and business partner risks?
- Does the entity assign responsibility and accountability for managing vendors and business partners?
- Does the entity establish communication protocols for vendors and business partners?
- Does the entity establish exception handling procedures from vendors and business partners?
- Does the entity assess vendor and business partner performance?
- Does the entity implement procedures for addressing issues identified during vendor and business partner assessments?
- Does the entity implement procedures for terminating vendor and business partner relationships?
More Free Resources
White Papers: https://kirkpatrickprice.com/white-papers/
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.
For more about KirkpatrickPrice: https://kirkpatrickprice.com/
Contact us today: 800-770-2701 https://kirkpatrickprice.com/contact/