News and Updates

Privva Accelerates CMMC Audit Readiness

By now, anyone in the US Department of Defense supply chain should know about the new Cybersecurity Maturity Model Certification (CMMC). Knowing what to do about it is something else. The goal of CMMC is to utilize five maturity levels, ranging from Basic Cyber Hygiene to Advanced/Progressive cyber practices, to ensure information protection in the defense supply chain. A contractor’s maturity level will be used as a requirement for contract award. While a unified cybersecurity standard for DOD contracts has been needed for quite a while, the CMMC went through proposal, development and enactment in just one year. That leaves hundreds of thousands of government contractors scrambling to get p

Eliminating the Administrative Burden of Vendor Risk Assessments

Sending countless emails? Making unnecessary phone calls? If you’re tired of chasing vendors to submit your security assessment questionnaire, we hear you. Anyone tasked with leading or executing a vendor risk management program knows the administrative aspects can be a heavy lift. In most cases, it’s up to 80% of the workload! Regardless, it’s a critical function. Even slight oversights in your administrative plan or its execution can cause serious blind spots, increasing third party risk. The large number of vendors in play for most corporations makes getting this right really important, but increasingly difficult. Privva exists to streamline the entire vendor risk management program. As f

Managing 3rd Party Risk – The View Depends on Where You Sit

The sheer volume of third parties and suppliers that corporations now engage has produced an unduly complex system of vendor security assessments. Additionally, more stakeholders, especially Senior Management and Boards, require insight into the risks and vulnerabilities that come from using outside suppliers. With different performance demands, varying regulatory obligations, and diverging levels of risk tolerance, the challenge of transparency and reporting can become a large administrative burden. Despite the overhead, the quantified analysis and insights generated from vendor security assessments are relied on throughout the organization to reduce risk and support sound decision-making.