1. Insights
  2. News
  3. Media Mentions

Michelle Reed Quoted in The Cybersecurity Law Report on Coordination Between Legal and IS Teams on Vendor Assessments

April 18, 2018

Reading Time : 1 min
Jump to
View People Mentioned in This NewsView Related Services, Sectors, and Regions

Contact:

Jacinta O'Shea-Ramdeholl

Director of Communications

Send Email
+1 212.407.3080

Sarah Richmond

Senior Communications Manager

Send Email
+1 202.416.5150

The Cybersecurity Law Report has quoted Michelle Reed, co-leader of the cybersecurity, privacy, and data protection practice at Akin Gump, in the article “When and How Legal and Information Security Should Engage on Cyber Strategy: Assessments and Incident Response (Part Three of Three).”

Reed addressed coordination between the legal and security teams on vendor assessments and in the M&A context, admitting that there is room for improvement. They seem to be operating on “two parallel fronts,” she said, noting that there is certainly “more communication needed in this area because the third-party assessment is the Achilles’ heel of any company.”

Compounding the problems, Reed added, is that some organizations have not looked at their third-party vendor contracts in as long as 10 years ago. She said these teams need to focus on improving this issue, “particularly with the GDPR (General Data Protection Regulation) coming into play,” as many organizations that have European footprints or are direct-marketing European nationals will have more significant risk profiles.

Reed also suggested that the information security team meets with privacy and legal officials to come up with “a core vendor due diligence process that incorporates all of the technical and legal issues each team is concerned about.” At the same time, however, she pointed out that the process “needs to be scalable because there’s certainly varying levels of diligence required for different vendors.”

Finally, Reed said legal and technical teams need to work together, despite what could be different approaches. Much of their differences, however, can be resolved “through disclosures, consent, and proper implementation of monitoring. Every company has to have some sort of insider threat monitoring. It’s reckless to not have that kind of protection,” she suggested.

For a summary of Reed’s comments in part two of the series, please click here.

Share This Insight

Related Services, Sectors, and Regions

© 2024 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.