This ACC program focused on effective information security and data privacy assessment programs for third-party vendors—including practical tips for effectively assessing information security practices and procedures of third-party vendors, such as law firms and other professional consultants — from the pros and cons of using industry-standard questionnaires to determining when onsite reviews are appropriate and how to handle subcontractors.

Third-Party Risk: Creating an Effective Information Security and Data Privacy Assessment Program for Third-party Vendors