[Before] Third-Party Risk Management

I was going through ISO 27001 and COBIT to understand the Third-Party (or Vendor) Risk Management process in detail. And though both frameworks provide enough guidance on ensuring proper due diligence on vendors, I could not find any material on what happens before the vendors are onboarded – how does the Information…

Why do we need Governance Frameworks, SOC 2 Audits, & Compliance?

Yesterday I met my previous roommate who’s a Computer Science nerd and recently completed his internship at one of the best tech companies in the Valley. We met after a long time and soon after discussing how we’ve been, he asked about my work. I told him – “I am currently working on the Governance…