News and Updates

Dcrypted Podcast: Featuring Privva CEO Ishan Girdhar

This week's Dcrypted discusses an often overlooked risk: 3rd party risk. No matter your industry, if you are using tech you should be thinking about 3rd party risk, especially in cybersecurity. Listen to the podcast here. Guest: Ishan Girdhar, Founder and CEO of Privva (starts ~11 minutes in). Creator/Host/Writer: Jacob Biesiada

7 Pillars of Third Party Assessments

In the modern economy, the complex network of third parties on which businesses rely results in expanded business risk. While vendor risk management has taken a greater seat at the board table, many organizations still struggle with how to appropriately assess the layers of risk that external partners impose. A useful framework for approaching it is a construct of risk pillars that reflect the strategic risk domains every business confronts. 1. Cybersecurity – Access to sensitive organizational data shared in the normal course of business poses perhaps the biggest risk in third party relationships. The Ponemon Institute’s research report Data Risk in the Third Party Ecosystem notes th

Privva Closes Investment to Accelerate Expansion of Vendor Risk Management Platform as Cybersecurity

FOR IMMEDIATE RELEASE June 17, 2020 ARLINGTON, VA & BALTIMORE, MD — Privva, a third-party vendor cybersecurity risk assessment and management platform, announced today a growth financing led by Squadra Ventures. Building on rapid adoption by customers in finance, insurance, legal, healthcare, and technology, the company will use the investment to fund sales and development as they enter into new industries including retail, consumer goods, manufacturing, and others with distributed supply chains. “Never before has the world been more aware of how vulnerable resources and goods are as they make their way across the globe — with COVID-19 it’s become clear that those compromises in the supply c

Locking Down the House: Benefits and Risks of Corporate Security Policies in Employees' Homes

Read the recent article by Privva's CEO, Ishan Girdhar, in Chief Privacy Officer Magazine on how security is impacting companies in the work-from-home environment. New corporate policies are impacting how employees must manage devices and family members' actions in the home. Read the article:

7 Steps to Effective Vendor Risk Management

Wherever an organization’s vendor risk management program is in its evolution, a key to success is to simplify and streamline the entire process, from vendor assessment to vendor risk review, to ensure the process is efficient and sustainable. This paper presents 7 key steps that incorporate cross-industry best practices for vendor risk assessment. In this guide, you will learn how to establish a top-tier approach to managing third party risk. Business dependence on the third party supply chain ecosystem has never been more complex. As client, market, and regulatory pressure relentlessly increases, the risks associated with widespread reliance on third parties compound. Supply chain risk can come

When assessing a third-party, is a SOC 2 report enough?

Many organizations widely accept SOC 2 reports in lieu of completing security assessments of their third parties. SOC 2 reports can often be complicated and difficult to align to the products and services provided by third parties, so it’s important for organizations to ensure that the appropriate personnel in security and/or risk management have specific domain expertise in SOC 2 reports. SOC 2 audits are not all equal and, in reality, they have become an unchecked commodity market. Having a SOC 2 does not mean the organization or product is without risk. For example, a validation process is not in place to ensure SOC 2 audits are completed in alignment with AICPA (American Institute of