TechR2

If Your Third-Party Vendor is not Cyber Compliant, Neither are You


A Modern-Day Task to Do

It is 2022 and you are reporting your third-party contractors' compliance to your own legal department. Your management team is reporting your adherence to NIST, ISO, HIPAA, PCI or other frameworks to your customers, who are themselves required to adhere to one or more of these regulations or requirements. (See: How to Ensure Vendor Compliance, businesscredentialingservices.com)

A Modern-Day Dilemma

When you look into Federal whistleblower cases, enterprises have been caught committing fraud after realizing they had been using non-compliant, non-certified, and untrained third-party contractors that interact with their data. In their cybersecurity insurance applications, SOC 2 reports and HIPAA audits they have falsified the following, which remains open to investigation for the next 6 years. (See: Cybersecurity: A Whistleblower's Paradise)

Modern Day Examples

  • Data security risks taken in violation of the corporate Risk Assessment, 10-K, and government contracts
  • Critical data placed at risk in direct contradiction of the organization's Data Security policies
  • An ITAD recycler or other third-party vendor used that is not Cybersecurity Framework certified, in violation of your own CSF requirements
  • The non-compliant third-party processing facility never inspected
  • Data sent offsite to a contractor without the legal permissions
  • A lower-level executive approving a vendor without the legal permissions
  • Work performed using DIY techniques with no proof the task was done to standard
  • No evidence of the verification required by industry and government standards
  • Internal and external auditors colluding not to report the infractions

Cybersecurity Whistleblowers can collect 30% of the fines levied against those committing infractions.

Modern Day Compliance to Industry, Federal and State Regulations

Today, because of GDPR, NIST, ZTA, CCPA and IRS 1075 (see Meeting IRS Safeguards Audit Requirements, Internal Revenue Service), cybersecurity assessors from the GAO, IRS, DoD, NERC, PCI, HIPAA or other authorities will examine you, your contractors, and all the subcontractors they use. It is your responsibility to prove the compliance of your entire supply chain, and to ignore the embellishments on a supplier's website describing its fictitious data governance.

Modern Day Data Control

  • The Data Destruction process must meet your Risk Assessment requirements
  • Data Destruction must occur under your control per Federal, State and Industry regulations
  • The vendor must be Cybersecurity Framework certified per Federal, State and Industry regulations
  • You must follow data destruction techniques based upon your published Data Classification Policy
  • Data destruction by the Sanitizer must be verified by a second individual in every instance
  • Certificates of Destruction must be complete and meet NIST 800-88 requirements
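As an added example (not TechR2's code or any part of the Tear-A-Byte service), the following check tests a certificate-of-sanitization record for the fields recommended in NIST SP 800-88 Rev. 1 Appendix G and rejects a record where the sanitizer validated their own work. The dictionary keys and the sample records are assumptions made for this example.

```python
# Added example: check a certificate-of-sanitization record for completeness
# against the fields NIST SP 800-88 Rev. 1 (Appendix G) recommends, and require
# that a second individual validated the sanitizer's work.
# The dict keys and sample values are assumptions for this example, not a
# TechR2 record format.

REQUIRED_FIELDS = (
    "manufacturer", "model", "serial_number", "media_type",
    "sanitization_method_type", "sanitization_method", "tool_used",
    "verification_method", "sanitized_by", "sanitized_date",
    "validated_by", "validated_date",
)
# The three sanitization categories defined in SP 800-88 Rev. 1
METHOD_TYPES = {"Clear", "Purge", "Destroy"}
# Appendix G offers Full / Quick Sampling / None; "None" is not acceptable here
VERIFICATION_METHODS = {"Full", "Quick Sampling"}


def check_certificate(cert):
    """Return a list of findings; an empty list means the record passes."""
    findings = []
    for field in REQUIRED_FIELDS:
        if not str(cert.get(field, "")).strip():
            findings.append(f"missing field: {field}")
    if cert.get("sanitization_method_type") not in METHOD_TYPES:
        findings.append("method type must be Clear, Purge or Destroy")
    if cert.get("verification_method") not in VERIFICATION_METHODS:
        findings.append("verification must be Full or Quick Sampling")
    sanitizer = str(cert.get("sanitized_by", "")).strip().casefold()
    validator = str(cert.get("validated_by", "")).strip().casefold()
    if sanitizer and sanitizer == validator:
        findings.append("validation must be done by a second individual")
    return findings


# Constructed sample records (fictitious equipment and names)
GOOD_CERT = {
    "manufacturer": "ExampleDisk", "model": "ED-2000", "serial_number": "X0001",
    "media_type": "HDD", "sanitization_method_type": "Destroy",
    "sanitization_method": "Shred", "tool_used": "Industrial shredder #1",
    "verification_method": "Full", "sanitized_by": "A. Operator",
    "sanitized_date": "2022-03-01", "validated_by": "B. Verifier",
    "validated_date": "2022-03-01",
}
# Same record, but the sanitizer signed off on their own work
SELF_VERIFIED_CERT = dict(GOOD_CERT, validated_by="a. operator")

if __name__ == "__main__":
    print(check_certificate(GOOD_CERT))           # []
    print(check_certificate(SELF_VERIFIED_CERT))  # one second-individual finding
```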


The Modern-Day Solution is the Patented Tear-A-Byte® Track – Contain – Destroy – Verify Method

The answer to your cybersecurity control challenge is TechR2's ISO and NIST certified, patented Tear-A-Byte solution (see Data and Hard Drive Shredding Tracking Destruction Containment Service, techr2.com). All TechR2 products and services incorporate Zero Trust Architecture data security techniques (see Zero Trust Model, TechR2).

Contact TechR2

TechR2's NEW Data Destruction as a Service (DDaaS) is the future model, and the archaic ITAD processes are dead (see DDaaS Data Destruction as a Service, TechR2).

Contact Sepp Rajaie to learn more. Contact our experienced TechR2 staff.
