When the Clock Starts: Vendor Risk Under Reg S-P
The first notice will probably show up without any context. An email from a vendor’s security team. A brief message from an account manager. A reference to “unauthorized activity” that’s still under investigation. At that moment, leadership will already be on the clock — whether anyone says so explicitly or not. Under the amended Regulation […]