When a vendor experiences an incident—whether it’s a cybersecurity breach, operational disruption, or data loss—your organization can feel the ripple effects. A strong vendor incident response process isn’t just a nice-to-have. It’s a must-have for protecting your business and customers and ensuring compliance with a growing web of legal and regulatory requirements. 

In this webinar, we’ll break down the key elements of an effective vendor incident response plan and how it relates to business continuity. Learn how to proactively prepare, respond efficiently, and collaborate with vendors to minimize risk, recover quickly, and meet critical compliance obligations.

Join us to ensure you’re ready to protect your organization by tackling vendor incidents with confidence and staying compliant in an increasingly complex regulatory landscape.

Register now to learn:

• The critical components of vendor incident response plans

• Best practices for communicating with vendors during an incident

• Steps to mitigate operational, reputational, and regulatory risks 
  How to navigate legal requirements, from notification timelines to data protection laws

• Real-world examples of incident response done right (and wrong)

This session is not eligible for CPE credit.

Apparently not everyone is aware of their DORA obligations in the US. Yes, the Digital Operational Resilience Act (DORA) applies to US-based financial services firms that have customers in the EU. DORA also applies to US-based companies that provide services to EU financial services firms.

Some folks are already aware and were ready in January and some are still trying to get there. Regardless of which category you fall into our upcoming webinar is for you. Using a phrase I heard uttered last week, “Never let a new compliance requirement go to waste” we will be discussing DORA requirements, DORA mapping to NIST CSF 2.0 and 8286 IR and most importantly how to leverage this new regulation to drive these critical imperatives:

• Integrating cyber and operational risk management through
  cyber risk quantification

• Evolving your third party risk management program to be comprehensive, holistic and financially aware

• Ensuring incident communications and response with your partners that includes financial and operational impact

• Formalizing your information sharing capabilities

Join the GRF Business Resilience Council (BRC) and Luke McNamara, Deputy Chief Analyst of Mandiant & Google Cloud, for a briefing on risks to businesses in the current geopolitical environment.

The complimentary webinar will also feature a presentation from Matt Calligan of ArmorText. Matt will brief on Salt Typhoon, navigating the contradicting recommendations coming from federal agencies in the wake of the attacks, managing risk and impacts to businesses, and implementing best practices for maintaining business-critical communication in the face of a compromised network. Register here.

The Digital Operational Resilience Act (DORA) was introduced by the European Commission to strengthen the financial sector’s cybersecurity and operational resilience across the EU. It came into force with compliance deadline of January 17, 2025.

Now that the deadline has passed, financial entities and ICT service providers must ensure they are meeting DORA’s stringent requirements, including risk management, incident reporting, resilience testing, and third-party oversight. However, many organizations still face challenges in aligning with supervisory expectations and harmonizing compliance efforts across multiple jurisdictions.

Join OneTrust solution leads and a panel of expert contributors to explore the current state of DORA requirements, lessons learned from early implementations, and best practices to stay ahead of evolving resilience requirements.

Key takeaways:

• A review of how financial entities and ICT providers have implemented DORA’s key requirements.

• Insights into the biggest compliance and risk challenges and how organizations are addressing them.

• Strategies for managing third-party risk under DORA’s oversight framework.

• Best practices to strengthen operational resilience and ensure ongoing compliance.

Unite your data privacy and third-party risk management efforts to simplify compliance, protect sensitive data, and enhance risk visibility. Join us to explore actionable strategies powered by OneTrust solutions to foster collaboration across privacy and TPRM stakeholders to better support your organizations growth, privacy, and security objectives.

Learn how to:

• Enhance your risk oversight across data privacy and TPRM programs.

• Streamline processes and workflows to reduce redundancy and cut costs.

• Leverage integrated insights to drive growth and promote resilience.

Join the Business Resilience Council for the second annual Virtual Summit on Resilience & Security. The online, multi-sector event will feature speakers discussing topics relevant to all-hazards threats, including:

• Emerging security threats

• Global supply chain risk

• Risks to business infrastructure from nation-state actors

• Third-party management and resilience

• Tackling a major service outage without operational down time

Join us for this complimentary half-day event! Registration and the Call for Presentations are now live.

If the recent CrowdStrike incident taught us anything it's that we need to drastically change how we assess our third-party service providers in the face of emerging threats and vulnerabilities. There are too many vendors to assess, compounded by the increasing volume of threats we face each year. On a normal day, TPRM teams already have too much to do. When an incident like this occurs, they need to stop what they're doing and conduct an emergency assessment -- an ugly process that overburdens companies and their vendors, and typically takes weeks, if not months. It doesn't have to be that way.

Join ProcessUnity for a 50-minute webcast on Thursday, August 1 at 11:00 AM ET as we discuss Best Practices for Threat and Vulnerability Response.

The 8th annual Summit on Security & Third-Party Risk will take place at the Palms in Las Vegas, November 3-5, 2025. Each year, the conference features dozens of speakers on third-party risk management, cloud security, emerging cybersecurity threats, and AI/machine learning threat mitigation and management. Attendees will gain an understanding of how some of the largest and most sophisticated organizations in the world are managing risk and leave the conference better armed to defend their company, regardless of its size or the status of its security or risk mitigation program.