Over the past ten years, every executive who has sanctioned a cybersecurity budget can detail the vendor risk process. A SaaS contract triggers a SOC 2 review, sub-processor reviews, data handling reviews, breach notification clauses, etc. NIST and ISO 27001 codify it. It is a developed field.
Read More