Cyber Business Support helps organisations find and implement ways to reduce the burden of achieving and maintaining compliance to regulation like GDPR. By leveraging industry-leading tools and our knowledge combining business process and technology, we quickly deploy solutions to address associated challenges. Focusing today on the problems of auditing third-parties and Thursday, keeping internal systems in compliance, we look at how Cyber Business Support can adopt cost-saving measures to gain maturity in these areas.
Third-Party Compliance using Security Assessment Questionnaire.
Organizations must manage risk from third parties such as contractors and suppliers, and from internal staffers and teams, as part of their compliance program for the EU’s General Data Protection Regulation (GDPR). The need to manage vendor risk in particular is stressed repeatedly throughout the text of the GDPR, a strict and broad regulation. GDPR applies to any organization worldwide that controls and processes personal data of EU residents, whose security and privacy the regulation is designed to defend.
In GDPR terms, “data controllers” must vet the “data processors” that they share EU customer information with, and thus assume joint responsibility for what happens to it. Your organization is liable if one of your third parties gets breached for failing to adhere to GDPR requirements and your EU customers’ personal data gets compromised. GDPR states that controllers “shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures” and stresses that controllers must detail in contracts how their processors will handle customer data. The Qualys Security Assessment Questionnaire service can help you enhance these foundation security practices so you can shrink your risk of data breaches that could put you at risk of a significant fine.
Key features include :
Intuitive interface with questionnaire distribution to multiple vendors#Multi-campaign support and tracking
“Out of the box” templates with question gating and scoring
Multi-user interface supporting segregation of duties
Question classification
Leverage SAQ for your GDPR compliance
With SAQ, you can adopt a uniform, automated process — including design of questionnaires, distribution of surveys and tracking of campaigns — that every department in your organization can follow to do frequent and in-depth assessments of GDPR compliance.
In summary, Qualys gives you single-pane visibility of your risk both internally, and across third-party data processors, helping your organization maintain continuous visibility of their GDPR compliance state.
In our next post in this blog series, we’ll look into the importance for GDPR compliance of assessing the security configurations of IT systems throughout your network.
Lookout for our second part of this solution on Thursday as we look at how Quays Policy Compliance can help with GDPR and other regulations.
If you would like to see a demonstration of these services in action or work with us to appreciate if these tools can help your organisation, please get in touch or respond to this message.
Credit: Pushpak Pradhan, Qualys Product Manager