.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Vendor Risk Management: Information Security Responsibilities
by Andrew Paull on January 29, 2020 at 3:30 PM
Welcome back! This article serves as part two in my Vendor Risk Management blog series, continuing the discussion on some important factors of creating and renewing third-party contracts.
Vendor Risk Management: Importance of Service Level Agreements
by Andrew Paull on November 13, 2019 at 1:00 PM
Every organization, at one point or another, regardless of maturity, complexity, or business vertical, will have a need to work with a vendor, partner, or client to move business goals forward and maintain functional operations. Although vendors, partners, and clients have different r …
Vendor Management Programs to Prevent Data Disasters
by CJ Hurd on October 23, 2019 at 1:00 PM
If you’ve read any of my prior blog posts, you will know that my background prior to joining Compass IT Compliance included 21 active duty years in the United States Coast Guard. I seem to talk about it quite a bit. One of the perks, depending on where they are sending you, is getting …
The Key to Vendor Management: Truly Knowing Your Vendors!
by Geoff Yeagley on February 9, 2017 at 10:05 AM
In today's business climate, using vendors or third-party service providers is no longer a luxury, it has become a necessity. Organizations "outsource" key business functions every day for many reasons, some of which include:
Vendor Management Requirements for Financial Institutions in New York
by Geoff Yeagley on December 12, 2016 at 9:29 AM
I recently wrote a blog post that discussed legislation in the State of New York that is set to take effect on January 1, 2017. This legislation will effect all financial institutions in the state around Cybersecurity and the development of a formal Cybersecurity program. Click here t …
FFIEC Guidance: Revision vs. Update
by Geoff Yeagley on December 8, 2015 at 10:00 AM
When it comes to technology, we hear of terms that are often times confused and interchanged. Some examples of these terms might include Vulnerability Scanning and Penetration Testing. Another example might be the age old debate of Risk Assessment versus Audit. While seemingly similar …