An Inherited Risk: The Truth About Third-Party Security

"Third parties are a common entry point for cyber attacks. This is something you really want to make sure you have under control."

Notable Moments

[00:01:15] Third-party due diligence and security reviews.

[00:03:25] How regulatory requirements like HIPAA, PCI DSS, GDPR shape due diligence.

[00:05:28] Ongoing monitoring and review expectations.

[00:06:19] Physical access risks: background checks for on-site vendor personnel.

[00:07:44] Company's responsibility to vet vendors, especially as AI evolves.

[00:09:42] What documentation to request and how to evaluate red flags.

[00:12:27] Common red flags: incomplete training, high-severity pen-test findings, litigation.

[00:17:07] Dawn-Marie's "core four" steps for starting a third-party review program.

In this episode Dawn-Marie Dalsass, Compliance and Risk Management Director at Redox, discusses the truth behind third-party security. Our conversation exposes the hidden gaps organizations overlook and the simple first steps that make all the difference. Take a listen to hear common red flags, documentation to request, review frequency, financial and operational considerations, and the surprising basics every organization should verify before engaging a vendor.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com

Meghan McLeod mmcleod@redoxengine.com
