Recent Posts

This week's Dcrypted discusses the often overlooked risk that of 3rd party risk. No matter your industry if you are using tech you should be thinking about 3rd party risk, especially in cybersecurity. Listen to the Podcast here. Guest: Ishan Girdhar Founder and CEO of Privva (starts ~11 minutes in) Creator/ Host/ Writer: Jacob Biesiada

In the modern economy, the complex network of third parties on which businesses rely results in expanded business risk. While vendor risk management has taken a greater seat at the board table, many organizations still struggle with how to appropriately assess the layers of risk that external partners impose. A useful framework for approaching it is a construct of risk pillars that reflect the strategic risk domains every business confronts. 1. Cybersecurity – Access t

FOR IMMEDIATE RELEASE June 17, 2020 ARLINGTON, VA & BALTIMORE, MD — Privva, a third-party vendor cybersecurity risk assessment and management platform, announced today a growth financing led by Squadra Ventures. Building on rapid adoption by customers in finance, insurance, legal, healthcare, and technology, the company will use the investment to fund sales and development as they enter into new industries including retail, consumer goods, manufacturing, and others with distr

Read Privva's CEO, Ishan Girdhar, recent article on Chief Privacy Officer Magazine on the how security is impacting companies in the work-from-home environment. New corporate policies are impacting how employees must manage devices and family members actions in the home. Read the article: https://www.cpomagazine.com/cyber-security/locking-down-the-house-benefits-and-risks-of-corporate-security-policies-in-employees-homes/

Wherever an organization’s vendor risk management program is in its evolution, a key to success is to simplify and streamline the entire process from vendor assessment to vendor risk review to ensure the process efficient and sustainable. This paper presents 7 key Steps that incorporate cross-industry best practices to vendor risk assessment. In this guide, you will learn how to establish a top-tier approach to managing third party risk. Business dependence on the third party

Many organizations widely accept SOC 2 reports in lieu of completing security assessments of their third parties. SOC 2 reports can often be complicated and difficult to align to the products and services provided by third parties so it’s important for organizations to ensure they have the appropriate personnel in security and/or risk management have specific domain expertise in SOC 2 reports. SOC 2 audits are not all equal and in reality, they have become an unchecked commod