In response to news of millions of mortgage and bank loan documents exposed by Ascension, a data and analytics serving the financial industry which (as part of its core services) converts paper documents into readable digital optical character recognition (OCR) files, an expert on third party risk management with Shared Assessments offers perspective.
Expert Comments Below:
Mike Jordan, CISSP, CRISC, CTPRP, Senior Director at The Shared Assessments Program:
“This brings to mind one of the complexities in Third Party Risk Management. At least one of the banks affected wasn’t even a customer of the company allegedly responsible for this data leak. Hacked subcontractors or downstream service providers can harm companies that have no business relationship with each other. Even individuals can be affected by parties of which they have no explicit relationship, such as credit bureaus and data brokers.
“Because of this, the need for collaboration in Third Party Risk Management is apparent. A complex network of threats demands a strong network of organizations that develop and share knowledge, practices, and standardized expectations for all third parties.”
Mike and other Shared Assessments experts can answer questions or provide additional thoughts. FYI as background, Shared Assessments is globally recognized as the world’s top authority in managing and protecting against third party risk. Its members’ collective intelligence drives third party risk management tools, education and certifications, best practices and research, which are also used by non-member companies, public sector entities and other organizations worldwide to manage risk and ensure compliance and data privacy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.