SlideShare a Scribd company logo

Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC

Download as PPTX, PDF
ControlCase
ControlCase

Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC

InternetTechnology
1 of 28
Vendor Management– PCI DSS, ISO 27001, EI3PA, HIPAA and FFIEC By Kishor Vaswani, CEO - ControlCase
Agenda • About PCI DSS, ISO 27001, EI3PA and HIPAA • Setting up a basic vendor management program • Challenges in the vendor management space • Q&A 1
What is Vendor Risk Management Vendor risk management (VRM) is a comprehensive plan for identifying and decreasing potential business uncertainties and legal liabilities regarding the hiring of 3rd parties (vendors) to provide information technology (IT) products, business process outsourcing and other related services. 2
About PCI DSS, ISO 27001, EI3PA, HIPAA and FFIEC
What is PCI DSS? Payment Card Industry Data Security Standard: • Guidelines for securely processing, storing, or transmitting payment card account data • Established by leading payment card issuers • Maintained by the PCI Security Standards Council (PCI SSC) 3
What is ISO 27001/ISO 27002 ISO Standard: • ISO 27001 is the management framework for implementing information security within an organization • ISO 27002 are the detailed controls from an implementation perspective 4
What is EI3PA? Experian Security Audit Requirements: • Experian is one of the three major consumer credit bureaus in the United States • Guidelines for securely processing, storing, or transmitting Experian Provided Data • Established by Experian to protect consumer data/credit history data provided by them 5
What is HIPAA? Health Insurance Portability & Accountability Act of 1996 & HIPAA Omnibus Rule: • Establishes administrative, physical and technical security and privacy standards • Applies to both healthcare providers and business associates (3rd parties) • Attributes responsibility for monitoring HIPAA compliance of business associates to healthcare providers • Assessment of compliance of business associates due 09/23/13 6
Impact to Business Associates and their suppliers • Business associates must identify, assess and monitor their supporting business associates (BAs of BAs) and provide regular updates to the respective CE • BAs must establish and define (contractually) security requirements, right to audit, incident reporting clauses with their service providers • BAs must implement an effective monitoring/assessment process based on the nature of the data exchanged with service providers • Be able to show due diligence/due care with respect to monitoring their supplier’s security compliance 7
CFPB/FFIEC/OCC Guidance • Guidance provided by Consumer Financial Protection Bureau (CFPB) – Apr 2012 • Federal Deposit Insurance Corporation (FDIC) guidance issued – Sep 2013 • Office of the Comptroller of the Currency (OCC) – Oct 2013 • All of these regulations require due diligence of vendors in various areas such as risk assessments, contracts, information security, insurance and subcontracting. 8
Setting up a basic vendor management program
High Level Process Register/Inventory vendors Categorize vendors Map controls to categories Create vendor risk assessment questionnaire Create master control checklist Distribute questionnaire to vendors Analyze responses and attachments Track exceptions to closure 9
Step 1 – Register/Inventory vendors 10
Step 2 – Categorize vendors Questions to ask - What type of data do they store, process or transmit (SSN, Card Numbers, Customer Name, Diagnosis code(s), etc.,) - Is the data in a physical and/or electronic form - What business are they in (Call Center, Recoveries, Managed Service, Software Development, Printing, Hosting) - What risk factors exist based on Geography (North America, Asia/Pacific, South America etc.) 11
Step 2 – Categorize vendors (continued) Considerations: Less exposure of disclosure/compromise = less verification (i.e., survey only) More exposure of disclosure/compromise = more verification and validation (e.g., survey, evidence review, on-site assessment) 12
Step 3 – Create master control checklist • Policy Management • Vendor/Third Party Management • Asset and Vulnerability Management • Change Management and Monitoring • Incident and Problem Management • Data Management • Risk Management • Business continuity Management • HR Management • Compliance Project Management 13
Step 4 – Map controls to categories Map controls from master list to categories based on - What is relevant to the type of data being stored processed or transmitted (for e.g. if card data then PCI DSS may be relevant to check for vs. not) - What is relevant from a business perspective (e.g. call centers third parties have VOIP related controls whereas software development may not) - What is relevant from a geography perspective (e.g. background checks in USA vs. India may be different and may require testing different controls) 14
Step 5 – Create vendor risk assessment questionnaire 15
Step 6 – Distribute risk assessment questionnaire to vendors 16
Step 7 - Analyze responses and attachments 17
Step 8 – Track exceptions to closure 18
Challenges in Vendor Management Space
Challenges • Redundant Efforts • Cost inefficiencies • Lack of dashboard • Fixing of dispositions • Reducing budgets (Do more with less) 19
ControlCase Solution
Vendor/Third Party Management 20  Management of third parties/vendors  Self attestation by third parties/vendors  Remediation tracking  Includes BITS FISAP content Reg/Standard Coverage area ISO 27001 A.6, A.10 PCI 12 EI3PA 12
Why Choose ControlCase? • Global Reach › Serving more than 400 clients in 40 countries and rapidly growing • Certified Resources › Shared Assessment/BITS FISAP Assessor › PCI DSS Qualified Security Assessor (QSA) › QSA for Point-to-Point Encryption (QSA P2PE) › Certified ASV vendor › Certified ISO 27001 Assessor › EI3PA Assessor › SSAE16, SOC1, SOC2, SOC3 Audits › HITRUST and HIPAA 21
To Learn More … • Visit www.controlcase.com • Call +1 703 483 6383 (North America) • Call +57 1 678 3716 (South America) • Call +44 1276 686 048 (Europe) • Call +971 4440 5958 (Middle East & Africa) • Call +91 982 029 3399 (Asia Pacific) • Kishor Vaswani (CEO) – kvaswani@controlcase.com 22
Thank You for Your Time

Recommended

Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftPennonSoft
 
Internal controls in an IT environment
Internal controls in an IT environment Internal controls in an IT environment
Internal controls in an IT environment Chris Nicole Apat-Orcullo, CPA
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
Cloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveCloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveArgyle Executive Forum
 
Ten Slides in Ten Minutes - Company Realities - GRC
Ten Slides in Ten Minutes - Company Realities - GRCTen Slides in Ten Minutes - Company Realities - GRC
Ten Slides in Ten Minutes - Company Realities - GRCBill Graham CP.APMP
 
Compliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCompliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCorporater
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRCTranscendent Group
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Rahul Bhan (CA, CIA, MBA)
 

Recommended

Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftPennonSoft
 
Internal controls in an IT environment
Internal controls in an IT environment Internal controls in an IT environment
Internal controls in an IT environment Chris Nicole Apat-Orcullo, CPA
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
Cloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveCloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveArgyle Executive Forum
 
Ten Slides in Ten Minutes - Company Realities - GRC
Ten Slides in Ten Minutes - Company Realities - GRCTen Slides in Ten Minutes - Company Realities - GRC
Ten Slides in Ten Minutes - Company Realities - GRCBill Graham CP.APMP
 
Compliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCompliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCorporater
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRCTranscendent Group
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Rahul Bhan (CA, CIA, MBA)
 
Privacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al RaymondPrivacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al Raymondspencerharry
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties SolutionsAhmed Abdul Hamed
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesCapgemini
 
it grc
it grc it grc
it grc 9535814851
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsColleen Beck-Domanico
 
008.itsecurity bcp v1
008.itsecurity bcp v1008.itsecurity bcp v1
008.itsecurity bcp v1Mohammad Ashfaqur Rahman
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
Prof- Hernan Huwyler, MBA CPA ISO 37002 Roadmap
Prof- Hernan Huwyler, MBA CPA ISO 37002 RoadmapProf- Hernan Huwyler, MBA CPA ISO 37002 Roadmap
Prof- Hernan Huwyler, MBA CPA ISO 37002 RoadmapHernan Huwyler, MBA CPA
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRCanand choudhary
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsFrancois Combrinck CBAP
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelnooralmousa
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...PECB
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Risk Management Institution of Australasia
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems AuditRajeswaran Muthu Venkatachalam
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLCBharath Rao
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Genpact Ltd
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...EY
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesContinuity Control
 

More Related Content

What's hot

Privacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al RaymondPrivacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al Raymondspencerharry
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties SolutionsAhmed Abdul Hamed
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesCapgemini
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsColleen Beck-Domanico
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
Prof- Hernan Huwyler, MBA CPA ISO 37002 Roadmap
Prof- Hernan Huwyler, MBA CPA ISO 37002 RoadmapProf- Hernan Huwyler, MBA CPA ISO 37002 Roadmap
Prof- Hernan Huwyler, MBA CPA ISO 37002 RoadmapHernan Huwyler, MBA CPA
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsFrancois Combrinck CBAP
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelnooralmousa
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...PECB
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLCBharath Rao
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Genpact Ltd
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 

What's hot (20)

Privacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al RaymondPrivacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al Raymond
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guide
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties Solutions
 
Governance, Risk, and Compliance Services
Governance, Risk, and Compliance ServicesGovernance, Risk, and Compliance Services
Governance, Risk, and Compliance Services
 
it grc
it grc it grc
it grc
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management Programs
 
008.itsecurity bcp v1
008.itsecurity bcp v1008.itsecurity bcp v1
008.itsecurity bcp v1
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS Implementation
 
Prof- Hernan Huwyler, MBA CPA ISO 37002 Roadmap
Prof- Hernan Huwyler, MBA CPA ISO 37002 RoadmapProf- Hernan Huwyler, MBA CPA ISO 37002 Roadmap
Prof- Hernan Huwyler, MBA CPA ISO 37002 Roadmap
 
Simplifying IT GRC
Simplifying IT GRCSimplifying IT GRC
Simplifying IT GRC
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring Solutions
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity model
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 
Information System audit
Information System auditInformation System audit
Information System audit
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems Audit
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management Solution
 
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 

Viewers also liked

EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...EY
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesContinuity Control
 
PCI DSS and PA DSS Version 3.0 Changes
PCI DSS and PA DSS Version 3.0 Changes PCI DSS and PA DSS Version 3.0 Changes
PCI DSS and PA DSS Version 3.0 Changes ControlCase
 
Log monitoring and file integrity monitoring
Log monitoring and file integrity monitoringLog monitoring and file integrity monitoring
Log monitoring and file integrity monitoringControlCase
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the CloudControlCase
 
ControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 
Ariba Knowledge Nuggets - Developing a Successful Supplier Enablement Program
Ariba Knowledge Nuggets - Developing a Successful Supplier Enablement ProgramAriba Knowledge Nuggets - Developing a Successful Supplier Enablement Program
Ariba Knowledge Nuggets - Developing a Successful Supplier Enablement ProgramSAP Ariba
 
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceHealth Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceControlCase
 
Smarter Supplier Management – Improving Supplier Performance Through Better C...
Smarter Supplier Management – Improving Supplier Performance Through Better C...Smarter Supplier Management – Improving Supplier Performance Through Better C...
Smarter Supplier Management – Improving Supplier Performance Through Better C...SAP Ariba
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as UsualControlCase
 
PCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes WebinarPCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes WebinarControlCase
 
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001ControlCase
 
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...ControlCase
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionControlCase
 
PCI Compliance in Cloud
PCI Compliance in CloudPCI Compliance in Cloud
PCI Compliance in CloudControlCase
 

Viewers also liked (17)

EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto Series
 
Vendor Management
Vendor ManagementVendor Management
Vendor Management
 
PCI DSS and PA DSS Version 3.0 Changes
PCI DSS and PA DSS Version 3.0 Changes PCI DSS and PA DSS Version 3.0 Changes
PCI DSS and PA DSS Version 3.0 Changes
 
Log monitoring and file integrity monitoring
Log monitoring and file integrity monitoringLog monitoring and file integrity monitoring
Log monitoring and file integrity monitoring
 
PCI Compliance in the Cloud
PCI Compliance in the CloudPCI Compliance in the Cloud
PCI Compliance in the Cloud
 
ControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSSControlCase Data Discovery and PCI DSS
ControlCase Data Discovery and PCI DSS
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
Ariba Knowledge Nuggets - Developing a Successful Supplier Enablement Program
Ariba Knowledge Nuggets - Developing a Successful Supplier Enablement ProgramAriba Knowledge Nuggets - Developing a Successful Supplier Enablement Program
Ariba Knowledge Nuggets - Developing a Successful Supplier Enablement Program
 
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceHealth Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) Compliance
 
Smarter Supplier Management – Improving Supplier Performance Through Better C...
Smarter Supplier Management – Improving Supplier Performance Through Better C...Smarter Supplier Management – Improving Supplier Performance Through Better C...
Smarter Supplier Management – Improving Supplier Performance Through Better C...
 
Making Compliance Business as Usual
Making Compliance Business as UsualMaking Compliance Business as Usual
Making Compliance Business as Usual
 
PCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes WebinarPCI DSS & PA DSS Version 3.0 Changes Webinar
PCI DSS & PA DSS Version 3.0 Changes Webinar
 
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
 
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
Continual Compliance Monitoring– PCI DSS, HIPAA, FERC/NERC, EI3PA, ISO 27001 ...
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed Introduction
 
PCI Compliance in Cloud
PCI Compliance in CloudPCI Compliance in Cloud
PCI Compliance in Cloud
 

Similar to Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC

Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECControlCase
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsChristopher Foot
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration TestingProtect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration TestingTraceSecurity
 
Data Center Audit Standards
Data Center Audit StandardsData Center Audit Standards
Data Center Audit StandardsKeyur Thakore
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessLaura Perry
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASISDermot Clarke
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)NCTechSymposium
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report- Mark - Fullbright
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation servicesTariq Juneja
 
Risk Factory: PCI - The Essentials
Risk Factory: PCI - The EssentialsRisk Factory: PCI - The Essentials
Risk Factory: PCI - The EssentialsRisk Crew
 
pci-comp pci requirements and controls.ppt
pci-comp pci requirements and controls.pptpci-comp pci requirements and controls.ppt
pci-comp pci requirements and controls.pptgealehegn
 
Sap audit programs_and_ic_qs
Sap audit programs_and_ic_qsSap audit programs_and_ic_qs
Sap audit programs_and_ic_qsPhong Ho
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 

Similar to Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC (20)

Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance Projects
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIEC
 
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration TestingProtect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
 
PCI-DSS for IDRBT
PCI-DSS for IDRBTPCI-DSS for IDRBT
PCI-DSS for IDRBT
 
Data Center Audit Standards
Data Center Audit StandardsData Center Audit Standards
Data Center Audit Standards
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASIS
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report
 
2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation services
 
Risk Factory: PCI - The Essentials
Risk Factory: PCI - The EssentialsRisk Factory: PCI - The Essentials
Risk Factory: PCI - The Essentials
 
pci-comp pci requirements and controls.ppt
pci-comp pci requirements and controls.pptpci-comp pci requirements and controls.ppt
pci-comp pci requirements and controls.ppt
 
Sap audit programs_and_ic_qs
Sap audit programs_and_ic_qsSap audit programs_and_ic_qs
Sap audit programs_and_ic_qs
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet Systems
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated Compliance
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on security
 

More from ControlCase

Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarControlCase
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfControlCase
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxControlCase
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdfControlCase
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfControlCase
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfControlCase
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxControlCase
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdfControlCase
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfControlCase
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxControlCase
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxControlCase
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST CertificationControlCase
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceControlCase
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 

More from ControlCase (20)

Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish Kirtikar
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdf
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptx
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdf
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptx
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST Certification
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP Marketplace
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 

Recently uploaded

PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 

Recently uploaded (20)

PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 

Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC

  • 1. Vendor Management– PCI DSS, ISO 27001, EI3PA, HIPAA and FFIEC By Kishor Vaswani, CEO - ControlCase
  • 2. Agenda • About PCI DSS, ISO 27001, EI3PA and HIPAA • Setting up a basic vendor management program • Challenges in the vendor management space • Q&A 1
  • 3. What is Vendor Risk Management Vendor risk management (VRM) is a comprehensive plan for identifying and decreasing potential business uncertainties and legal liabilities regarding the hiring of 3rd parties (vendors) to provide information technology (IT) products, business process outsourcing and other related services. 2
  • 4. About PCI DSS, ISO 27001, EI3PA, HIPAA and FFIEC
  • 5. What is PCI DSS? Payment Card Industry Data Security Standard: • Guidelines for securely processing, storing, or transmitting payment card account data • Established by leading payment card issuers • Maintained by the PCI Security Standards Council (PCI SSC) 3
  • 6. What is ISO 27001/ISO 27002 ISO Standard: • ISO 27001 is the management framework for implementing information security within an organization • ISO 27002 are the detailed controls from an implementation perspective 4
  • 7. What is EI3PA? Experian Security Audit Requirements: • Experian is one of the three major consumer credit bureaus in the United States • Guidelines for securely processing, storing, or transmitting Experian Provided Data • Established by Experian to protect consumer data/credit history data provided by them 5
  • 8. What is HIPAA? Health Insurance Portability & Accountability Act of 1996 & HIPAA Omnibus Rule: • Establishes administrative, physical and technical security and privacy standards • Applies to both healthcare providers and business associates (3rd parties) • Attributes responsibility for monitoring HIPAA compliance of business associates to healthcare providers • Assessment of compliance of business associates due 09/23/13 6
  • 9. Impact to Business Associates and their suppliers • Business associates must identify, assess and monitor their supporting business associates (BAs of BAs) and provide regular updates to the respective CE • BAs must establish and define (contractually) security requirements, right to audit, incident reporting clauses with their service providers • BAs must implement an effective monitoring/assessment process based on the nature of the data exchanged with service providers • Be able to show due diligence/due care with respect to monitoring their supplier’s security compliance 7
  • 10. CFPB/FFIEC/OCC Guidance • Guidance provided by Consumer Financial Protection Bureau (CFPB) – Apr 2012 • Federal Deposit Insurance Corporation (FDIC) guidance issued – Sep 2013 • Office of the Comptroller of the Currency (OCC) – Oct 2013 • All of these regulations require due diligence of vendors in various areas such as risk assessments, contracts, information security, insurance and subcontracting. 8
  • 11. Setting up a basic vendor management program
  • 12. High Level Process Register/Inventory vendors Categorize vendors Map controls to categories Create vendor risk assessment questionnaire Create master control checklist Distribute questionnaire to vendors Analyze responses and attachments Track exceptions to closure 9
  • 13. Step 1 – Register/Inventory vendors 10
  • 14. Step 2 – Categorize vendors Questions to ask - What type of data do they store, process or transmit (SSN, Card Numbers, Customer Name, Diagnosis code(s), etc.,) - Is the data in a physical and/or electronic form - What business are they in (Call Center, Recoveries, Managed Service, Software Development, Printing, Hosting) - What risk factors exist based on Geography (North America, Asia/Pacific, South America etc.) 11
  • 15. Step 2 – Categorize vendors (continued) Considerations: Less exposure of disclosure/compromise = less verification (i.e., survey only) More exposure of disclosure/compromise = more verification and validation (e.g., survey, evidence review, on-site assessment) 12
  • 16. Step 3 – Create master control checklist • Policy Management • Vendor/Third Party Management • Asset and Vulnerability Management • Change Management and Monitoring • Incident and Problem Management • Data Management • Risk Management • Business continuity Management • HR Management • Compliance Project Management 13
  • 17. Step 4 – Map controls to categories Map controls from master list to categories based on - What is relevant to the type of data being stored processed or transmitted (for e.g. if card data then PCI DSS may be relevant to check for vs. not) - What is relevant from a business perspective (e.g. call centers third parties have VOIP related controls whereas software development may not) - What is relevant from a geography perspective (e.g. background checks in USA vs. India may be different and may require testing different controls) 14
  • 18. Step 5 – Create vendor risk assessment questionnaire 15
  • 19. Step 6 – Distribute risk assessment questionnaire to vendors 16
  • 20. Step 7 - Analyze responses and attachments 17
  • 21. Step 8 – Track exceptions to closure 18
  • 22. Challenges in Vendor Management Space
  • 23. Challenges • Redundant Efforts • Cost inefficiencies • Lack of dashboard • Fixing of dispositions • Reducing budgets (Do more with less) 19
  • 25. Vendor/Third Party Management 20  Management of third parties/vendors  Self attestation by third parties/vendors  Remediation tracking  Includes BITS FISAP content Reg/Standard Coverage area ISO 27001 A.6, A.10 PCI 12 EI3PA 12
  • 26. Why Choose ControlCase? • Global Reach › Serving more than 400 clients in 40 countries and rapidly growing • Certified Resources › Shared Assessment/BITS FISAP Assessor › PCI DSS Qualified Security Assessor (QSA) › QSA for Point-to-Point Encryption (QSA P2PE) › Certified ASV vendor › Certified ISO 27001 Assessor › EI3PA Assessor › SSAE16, SOC1, SOC2, SOC3 Audits › HITRUST and HIPAA 21
  • 27. To Learn More … • Visit www.controlcase.com • Call +1 703 483 6383 (North America) • Call +57 1 678 3716 (South America) • Call +44 1276 686 048 (Europe) • Call +971 4440 5958 (Middle East & Africa) • Call +91 982 029 3399 (Asia Pacific) • Kishor Vaswani (CEO) – kvaswani@controlcase.com 22
  • 28. Thank You for Your Time