When you share data with third-party vendors, how is this access tracked and how do you monitor this access?

Security & GRC Security Operations Center (SOC)

729 views3 Comments

ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees

We have third party agreements and we also use data use agreements

CIO, Senior VP in Finance (non-banking), 1,001 - 5,000 employees

We are prevented from doing this by Policy. Makes it easier to say no. p.s., I wrote the policy.

Director in Software, 10,001+ employees

NDA's, contractual agreements, MSA, InfoSec agreements, Tech controls

Content you might like

Can ISO 27001 compliance be considered as benchmark for security maturity of an organization?

Governance, Risk & Compliance Security & GRC

Yes87%

No13%

156 PARTICIPANTS

1k views

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

143 19 Replies

What services matter most (or are your favorite) in alignment with your cloud provider? i.e. Database/warehouse (like Redshift), analytics, AI/ML…

Strategy & Architecture Cloud End-User Services & Collaboration +24 more

Director of IT in Healthcare and Biotech, 501 - 1,000 employees

Overall fit of the provider's services is key in any recommendation when selecting one of the big 3 clouds for any organization. Multi-cloud is significantly more difficult than most companies realize, and selecting a ...read more

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data.

Security & GRC Regulatory Compliance

Head of Cyber Security in Manufacturing, 501 - 1,000 employees

I would say, DPO and Security team both shall be involved and work hand in hand.

Most of the time the legals and or DPO don't have the technical acumen to understand when data is floating to third party services.

Lets ...read more

659 views1 Comment

When migrating to the cloud, what's the top security issue that concerns you?

Cloud Security & GRC

Data security52%

Shared resources/services34%

Compliance11%

Other: please specify.1%

703 PARTICIPANTS

2.6k views5 Upvotes1 Comment