The Third-Party Risk Management Compliance Handbook

An increase in third-party regulations, along with the accompanying scrutiny from auditors, has obligated organizations to develop effective third-party risk management programs to meet regulatory compliance and deepen IT security controls.

This white paper reviews the key third-party risk management requirements in common regulatory and security frameworks, while mapping Prevalent Third-Party Risk Management capabilities to specific mandates. It covers key compliance regulations and frameworks from the US (FCPA), US DoD (CMMC), EU (GDPR, European Corporate Due Diligence Act), UK (Bribery Act, Modern Slavery Act), New York (SHIELD) and California (CCPA, Transparency in Supply Chains Act), as well as authorities including AICPA (SOC 2), CSA (CAIQ), EBA, FCA (FG 16/5), FFIEC, HHS (HIPAA), ISO, NY DFS (CRR 500), NERC, NIST, OCC, PRA, PCI, and Shared Assessments.

This is essential reading for anyone responsible for managing supply-chain compliance initiatives.