
Oct 22, 2020
4 min read
Securing Your Suppliers: Complying With Regulations
Organizations have much more than just data to lose in a third-party breach. Besides losing consumer confidence and loyalty, companies in both the United States and the EU can face costly penalties for violating data privacy regulations. During National Cybersecurity Awareness Month (NCSAM), it’s appropriate for organizations to also be aware of the risks of non-compliance. Not complying with HIPAA...

Sep 07, 2020
4 min read
7 Facts You Should Know About NYDFS
Many organizations must comply with the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, which is also known as 23 NYCRR 500. Like numerous regulations, 23 NYCRR 500 is designed to protect sensitive non-public information. However, it is specifically meant for covered New York-chartered or licensed financial institutions such as credit unions, banks, insurance firms and mortgage companies, as...

May 27, 2020
4 min read
4 NIST Standards Your Organization Should Align With
The National Institute of Standards and Technology (NIST), part of the US Department of Commerce, establishes best practices that are considered some of the best standards throughout the world. Some of their standards focus specifically on information security and privacy and are particularly important when assessing cyber posture. NIST’s robust InfoSec and privacy standards are valuable because they are well...

Apr 07, 2020
4 min read
5 Key Security Controls That Should Be in Your SOC 2
You want to grow your business, but your customers want to be sure that you have taken steps to prevent unauthorized access to their sensitive data and personal information. One effective way to demonstrate that your organization has the right security controls in place is through a Service Organization Control 2 (SOC 2). Developed by the American Institute of Certified...

Nov 26, 2019
3 min read
3 Key Points About CCPA
What is CCPA? The California Consumer Privacy Act (AB 375), which will go into effect on January 1, 2020, is expected to significantly strengthen data collection and privacy in the USA. Similar to the way the General Data Protection Regulation (GDPR) defined data privacy in Europe, the CCPA regulation is expected to set the standard for data privacy in...

Oct 24, 2019
3 min read
Tips for Your Vendor Security: Complying With Regulations
Organizations have much more than just data to lose in a third-party breach. Besides losing consumer confidence and loyalty, companies can face costly penalties for violating data privacy regulations.

Jul 16, 2019
3 min read
What is SIG?
The SIG, short for "Standardized Information Gathering (Questionnaire)", is a repository of third-party information security and privacy questions, indexed to multiple regulations and control frameworks. SIG is published by a non-profit called Shared Assessments, and has been in existence for about 10 years.

May 22, 2019
4 min read
Happy Birthday, GDPR!
It’s been one year since the General Data Protection Regulation was implemented, and it’s shaken up the way many companies approach data privacy and third-party cybersecurity. We asked Dov Goldman, Panorays’ director of risk and compliance, to share his insights about this sweeping regulation.

Feb 14, 2019
2 min read
NYDFS Cybersecurity Regulation Deadline Looming
The two-year implementation period for the New York Department of Financial Services (NYDFS) cybersecurity regulation, 23 NYCRR 500, will be over on March 1. This means that the final requirement involving entities that use third-party providers will soon become effective.
Popular Posts

May 08, 2019
3 min read
3 Reasons Why Enterprises Hate Security Questionnaires
It’s not hard to understand why security questionnaires are necessary. Because regulations like GDPR and NYDFS are holding businesses accountable for their third parties’ cybersecurity, it’s important for enterprises to assess and continuously monitor all vendors, suppliers and business partners. And the initial vetting of any third parties typically begins with a comprehensive security questionnaire to evaluate cyber posture.