Vendor Risk Management for Law Firms: 7 Steps to Success | Law.com

Like Law firms, defense and space contractors are also the custodians for highly confidential national security data. CEO and founder of Privva, Ishan Girdhar concludes that implementing a vendor risk management (RM) program is a critical component of a comprehensive security strategy. And maintaining a comprehensive, ANSI/EIA-649 and ISO/IEC 38500-compliant third-party vendor risk management program with a detailed security assessment process is the cost of doing business today. Following a programatic steps will ensure transparency throughout the value chain from client to vendor by setting a policy, sticking to the policy, and then communicating the policy to all stakeholders. Because vender terms and conditions can vary, a standardized security assessment process should be tailored to each vendor’s access to data and risk to your law firm—or small business as a government contractor.

About Privva - https://www.privva.com/about