GRC Uncensored

Third-Party Risk Management: When to Accept or Reject Vendor Documentation



On a recent episode of GRC Uncensored, host Troy Fine and producer Elliot Volkman were joined by guest Stanley Krochik, a now-seasoned GRC professional and former city security program manager, to discuss the realities of third-party risk management (TPRM). The conversation focused on the growing issue of low-quality audits, the challenge of assessing vendor security postures, and the dilemma risk managers face when reviewing third-party documentation.


04:43 The Importance of Third Party Risk Management

05:45 Challenges with Low Quality Audits

07:45 Evaluating SOC 2 Reports

12:55 Issues with Sales-Focused GRC Tools

14:44 The Need for Better Compliance Programs

27:50 High-Risk Vendor Architecture Review

29:07 SOC 2 Reports and Vendor Risk Management

31:50 Challenges with SOC 2 and Auditor Quality

36:49 Financial Impact of Data Breaches

38:10 Differences in Security Between Old and New Systems

47:43 Proactive vs. Reactive Security Measures

Hosted on Acast. See acast.com/privacy for more information.


GRC Uncensored by Chaos
