Trust Center: Trust, Security, and Privacy at Whistic

November 02, 2022

It’s been a running topic of conversation in recent years that Big Brother is always listening. We always wonder how Facebook or Instagram are serving up ads for products we were talking about the other day. Was my phone listening to me, or is the algorithm really that smart?

When the world is viewed through that lens, it’s no wonder that governments are clamping down on what data businesses can collect from their customers. Compliance laws like GDPR and CCPA are aimed at ensuring companies aren’t taking advantage of the data they now have access to in a world where everyone is connected and SaaS solutions are the norm.

That hyperconnectivity leaves us more vulnerable to hackers and bad actors than ever before, and that’s because we have less control over security. Instead of being able to lock down our data centers, we have to trust the vendors we invite into our environment to protect the data that our users trust us with.

As a result, vendor risk management programs are becoming more and more important because they help businesses ensure that SaaS vendors are taking the necessary steps to secure customer information. It’s no secret that this is the main reason why Whistic and many other companies like us exist.

But this all begs the question: if a vast majority of companies are holding their vendors’ feet to the fire when it comes to information security, then why are there still so many third-party security incidents? Should we be trusting what vendors tell us as it relates to their overall security and the controls they have in place?

At Whistic, we believe in creating a culture of collaboration between companies and their vendors, where security leaders transparently share both their successes and failures in an effort to build trust and learn collectively from one another. When we do this, we become stronger and more formidable against those that mean to do us harm.

One way in which Whistic is trying to accomplish this goal is by building a network wherein vendors can publish their security documentation, including completed questionnaires, certifications, and audits, and their customers can access that information and conduct on-demand vendor assessments. This is something we refer to as a Zero-Touch Assessment.

Being open and proactive about sharing security information and assessing vendors not only helps to streamline and accelerate the vendor assessment process, it also results in a more secure ecosystem for everyone involved.

We’re practicing what we preach. Some might think it’s oversharing, but we want you to know how we grow our user base and why this vendor security network we’re building isn’t just beneficial to our customers but to every business.

We recently launched a new Trust, Privacy, and Security page that outlines everything we’re doing to protect not only our customers’ data but also the data of their customers and vendors that they invite onto our network to either view a Profile or complete an assessment. We want our customers to know how much we value the trust they have placed in us, and we don’t want to do anything to tarnish that relationship.

As such, we are committed to never sharing that data with third parties unless customers have given us permission to do so. In addition to that, we have published our Whistic Profile publicly, containing details related to our security, privacy and compliance posture, on the Whistic Trust Catalog and on our website.

We are at the forefront of a revolution of transparency among security practitioners to help facilitate open and honest conversations about security because we know this is the only way we’re going to ultimately win the battle against bad actors.


About the author

Whistic

The latest insights and updates on information security and third party risk management.
