Michelle Reed Quoted in The Cybersecurity Law Report on Coordination Between Legal and IS Teams on Vendor Assessments
Contact:
The Cybersecurity Law Report has quoted Michelle Reed, co-leader of the cybersecurity, privacy, and data protection practice at Akin Gump, in the article “When and How Legal and Information Security Should Engage on Cyber Strategy: Assessments and Incident Response (Part Three of Three).”
Reed addressed coordination between the legal and security teams on vendor assessments and in the M&A context, admitting that there is room for improvement. They seem to be operating on “two parallel fronts,” she said, noting that there is certainly “more communication needed in this area because the third-party assessment is the Achilles’ heel of any company.”
Compounding the problems, Reed added, is that some organizations have not looked at their third-party vendor contracts in as long as 10 years ago. She said these teams need to focus on improving this issue, “particularly with the GDPR (General Data Protection Regulation) coming into play,” as many organizations that have European footprints or are direct-marketing European nationals will have more significant risk profiles.
Reed also suggested that the information security team meets with privacy and legal officials to come up with “a core vendor due diligence process that incorporates all of the technical and legal issues each team is concerned about.” At the same time, however, she pointed out that the process “needs to be scalable because there’s certainly varying levels of diligence required for different vendors.”
Finally, Reed said legal and technical teams need to work together, despite what could be different approaches. Much of their differences, however, can be resolved “through disclosures, consent, and proper implementation of monitoring. Every company has to have some sort of insider threat monitoring. It’s reckless to not have that kind of protection,” she suggested.
For a summary of Reed’s comments in part two of the series, please click here.