ADT

Transcript:

Jon Elmquist – ADT Security

My name is Jon Elmquist, and I work for ADT Security out of Boca Raton. Our company provides home security systems. I work in the Third-Party Risk Management group.

We review vendors before bringing them on board—especially if they’re going to have access to our systems. Depending on the type of data they’ll handle and the kind of access they’ll have, we conduct a review, vet the companies, and perform risk assessments before allowing them to proceed.

The application we used before was extremely tedious and not user-friendly. Over the past couple of years, we’ve been revamping the process. We conduct the vetting and use a questionnaire to determine each vendor’s security posture.

Moving over to SecurityScorecard has been a much better method. It not only allows us to review vendor security—it also lets us assess our own systems, which our previous tool didn’t support.

A typical day involves performing vendor risk assessments. When a new vendor comes on board, we initiate the process and send them the questionnaire. It may take a few days for them to complete it. We also look at their general security score. In the future, we hope to refine what we look at, based on the specific nature of the vendor relationship.

SecurityScorecard helps us monitor vendors that are outside of our systems, and it also gives us visibility into our own vulnerabilities. Many vendors are under a continuous monitoring portfolio, and we’ve been able to use the tool during issues like MOVEit and the Log4j vulnerability.

The questionnaire responses themselves give us a lot of insight into a vendor’s security posture. We created the questionnaire, and the ability for vendors to fill it out directly in the application has made things much easier.

It’s definitely been advantageous in helping us mature our program. It gives us a good sense of what a company is like right from the start. Ultimately, what we do is try to keep the bad things from happening.