Customers can now confidently meet third-party privacy regulatory requirements while identifying and evaluating third-party cyber risks
We recently added a new Privacy section to our assessment framework so our customers can confidently understand their third party’s privacy programs and adhere to increasing privacy regulations around sharing data with third parties and vendors.
Since our platform is built on validated data and is powered by a risk exchange, organizations can move past data collection and risk assessments, and start reducing third-party cyber risk. This expanded Privacy section acknowledges the increasing overlap between security and data privacy requirements and will arm users with a comprehensive understanding of security and privacy risks associated with a particular vendor.
Despite there being broader Privacy coverage, there are fewer questions to answer, further streamlining the assessment process. Now businesses and their third-party vendors can get deeper insights into cyber and privacy risks and a more holistic view of their overall security posture.
The added Privacy content covers multiple industry frameworks including, General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Australian Privacy Principles (APP), and focuses on Data Protection Principles such as Privacy Data Identification, Privacy Governance, Privacy Data Control, and Privacy Transparency. Collectively, the assessment now offers a dual look at both third-party security and privacy and reduces the need for multiple TPCRM solutions, offering enterprises an economic and resourceful option as security budgets decrease and cyber risks increase around the world.
“We are constantly striving to help our customers build effective third-party risk management programs, while meeting and overcoming industry requirements and challenges,” said Fred Kneip, CEO of CyberGRX. “It was critical to us to work with our customers to identify how we could arm them with new insights around privacy without creating a taxing and overwhelming experience for their third parties. The expansion of the Privacy content to our assessment framework allows our customers to confidently meet regulatory requirements, while streamlining their initiatives and reducing budget.”
The expanded Privacy content creates a broader application for the market, where enterprise customers can evaluate third parties on cyber risk and now privacy data protections. Our existing customers will find that within their risk assessments, the GDPR control group has been replaced by the broadly named PRI control group. Within the PRI control group and throughout the assessment, questions have been updated to comprehensively cover privacy data protections.