Episode 53 — Assess vendor privacy programs with risk-based due diligence

In a modern digital ecosystem, an organization's security is often only as strong as the weakest link in its third-party supply chain. This episode focuses on evaluating vendor privacy programs through risk-based due diligence, using structured questionnaires and independent assurance such as a SOC 2 attestation report or an ISO/IEC 27001 certification. For the GLEG exam, practitioners must understand the concept of "sub-processors" (vendors your vendor engages to handle your data) and the legal requirement to flow the same data-protection obligations down to every entity in the data chain. In practice, this means assigning each vendor a risk rating based on the sensitivity and volume of the data it handles for the organization, and scaling the depth of review to that rating. A common mistake is assuming that a large or well-known vendor is automatically compliant with every local law without independent verification; a certification covers only the scope stated in the report, so check that scope against the services you actually use. By assessing your vendors with professional rigor, you fulfill your ongoing duty of care for the data, regardless of where it is physically stored or processed.

Produced by BareMetalCyber.com, where you'll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.