When companies outsource technology and security solutions, the question on everyone’s mind is: When does our liability for a cyber-attack end, and my vendor's begin?
The answer is not really simple. In most industries, you can contract away a responsibility or task, but not the liability of an attack or the compliance obligations. If your organization was breached today, whose name is going to be in the news? Who are your customers going to call? Who is going to get fined and possibly sued as a result of the breach? The list of questions goes on. At the end of the day, your organization will suffer the negative publicity, the reputation damage, and financial loss of the attack, even if your vendor actually caused your incident. Then there is the other side of the equation – how do you know that your vendor can truly support your organization, perform the tasks you’ve contracted them for, or cover your losses if the breach is their fault?
Vendor risk management and due diligence is something every organization should perform carefully, and there are a number of unique issues when considering the inherent risks associated with technology and security providers.
The benefits of outsourcing are attractive for many reasons, but you need to ask yourself: Can you stake your organization’s well-being and financial stability on a vendor? If you answered no, then join us to discover:
- Weighing vendor risk and classifying critical / high risk vendors
- Imperative questions you need to ask your vendors
- Documentation to gather when outsourcing your technology and/or security solutions
- The big differences in cyber insurance
- The unique ongoing due diligence needs of outsourced technology and/or security solutions
- Critical contract provisions
This course offers a unique opportunity for attendees to develop critical risk management skills to apply immediately upon returning to the office. This is a fast-paced, highly interactive workshop where attendees will develop a risk profile and risk management strategy using one of their own current or future vendors of choice.
Complementary Handouts/ Bonus Material for Easy Implementation:
- Course materials,
- Sample profile matrix,
- Critical questions to ask your vendors,
- A sample checklist of minimum documentation requirements,
- Other valuable resources.
What to Bring: The speaker encourages you to bring a highlighter, pen, paper for additional notes, and your questions.
Learning Objectives:
- Record unique risks of vendors who support an organizations' technology and/or security solutions
- List the organization's unique critical vendors
- Develop a risk profile for a chosen critical vendor
- Inventory appropriate risk management strategies
- Assemble a plan for managing vendor risk
Areas Covered:
- Defining critical / high risk vendors
- Liability
- Risk identification
- Developing a risk profile
- Vendor due diligence before boarding
- Ongoing risk management
- Critical contract provisions
- Evidence of security
- Cybersecurity insurance
- Guidance / resources
Speaker
Rayleen M. Pirnie, AAP
CEO and Founder, RP Payments Risk Consulting Services, LLC
Rayleen is a recognized payments risk and fraud expert who works with financial institutions and businesses across the nation to help them understand today's threats and develop appropriate risk mitigation strategies. She also speaks to consumer groups revealing real-world methods to reduce the chances of devastating frauds, and law enforcement on payment system processing and evidence collection in electronic payment channels. Rayleen's areas of expertise include regulatory compliance, payment system risk management, cybercrimes, and information security.
Rayleen conveys current trends via conference presentations, blogs, and newsletter articles plus supports groups with special projects.
Prior to her leap to private consulting, Rayleen was the Director of Payments Risk & Fraud at EPCOR for 8 years. She joined EPCOR after a 10-year career as a fraud investigator in banking.
Rayleen graduated with honors from The University of Phoenix earning a Bachelor's of Science in Criminal Justice Administration and is an Accredited ACH Professional (AAP).
Rayleen enjoys gardening with the best helper in the world, her grandson. She also enjoys reading and music. She is an advocate and supporter of The Animal Rescue Alliance. Rayleen and her husband Mike currently have four adopted fur-kids of their own.
Please fill in your name and email to receive the seminar agenda of this event.
The agenda is available as PDF under downloads at the right side of the page.
Venue
The venue is not yet available for this event.
Follow this event to be informed when the venue is available and stay informed on other changes.
Who will Benefit:
Any individual responsible for managing risk related to outsourced technology and/or security vendors. Includes, but not limited to:
- Information security,
- Information technology,
- CPAs,
- Operations,
- Accounts Payable,
- Risk management,
- Risk managers,
- Business continuity,
- Top management.
Organizations:
- Financial Institutions (banks, credit unions, etc.)
- Businesses of any size
- Non-profits
Field of Study:
- Accounting: 4 CPE Credits
- Management Advisory Services: 4 CPE Credits
- Specialized Knowledge and Applications: 4 CPE Credits
- Total CPE credits earned in this workshop: 12 CPE Credits
Program Delivery Method: Group-Live
Program Level: Intermediate
Advance Preparation/Program Prerequisites: None
Venue
Venue to be confirmedMiami, FL
