The fundamentals of compliance-based Vendor Management have been around since 2004’s FFIEC Outsourcing of Technology Services booklet was released. While VM has evolved a bit over the years, the process is essentially still the same. We gather documentation, review it, and try to decide whether we keep doing business with this company or not. Analyzing vendor documentation is important, but the real question we need to ask is this: how do we understand if our vendors are really protecting your data?

This presentation will cover the following areas/topics:

• Regulatory Vendor Management Guidance over the years
• How to build a “modern” Vendor Management Program
• Other ways to manage Vendor Risk
• Other tools to review Vendor security
• Supply Chain Management/4th Party Management

Target Audience:  Information security officers, IT managers, risk offi