The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott, Vice President of Strategic Partnerships for BitSight Technologies, discusses how to prepare for this new generation of cybersecurity regulations.
"From a vendor risk management perspective, there's actually a lot of common ground here," Olcott says of GDPR, the NIST cybersecurity framework and other newer regulations. "It begins with organizations being asked to identify who those critical third parties are ... and then to ensure that those organizations are implementing adequate or appropriate security measures during the lifetime of the business relationship."
In an interview about the regulatory impact on vendor risk management, Olcott discusses:
- Common threads in GDPR, NIST framework and other guidance;
- Greatest vendor risk vulnerabilities;
- How organizations can bridge these gaps.
Before joining BitSight, Olcott managed the cybersecurity consulting practice at Good Harbor Security Risk Management. Previously, he served as legal adviser to the Senate Commerce Committee and as counsel to the House of Representatives Homeland Security Committee. He completed his education at the University of Texas at Austin and the University of Virginia School of Law.