The latest product updates and exciting enhancements to the Whistic Platform:

1. Customizable Data Classifications

Rather than mold your Data Risk Classification strategy to fit a set of default constraints, you can now customize your data classifications to meet your program’s demands.

Choose from among 10 different classification options. In addition, automate your vendor security reviews by assigning each vendor a corresponding renewal frequency and/or cadence.

2. Communicate with your Vendors in the Whistic Platform

The Vendor Security Alliance, long one of the forerunners in vendor risk assessments and security questionnaires, released their newest questionnaire update — the VSA CORE. As an assessment built and managed by the VSA itself, the VSA CORE questionnaire is heavily focused on vendor security partnerships and the ongoing risk levels present in cybersecurity.

Prior to releasing VSA CORE, the Vendor Security Alliance released annual updates to its VSA FULL questionnaire, making it one of the timeliest assessments available in cybersecurity. Heading into 2020, two of the biggest concerns for many security and InfoSec professionals are CCPA and GDPR regulations…

For many InfoSec teams, the end of a year means planning for new updates, thinking about new strategic initiatives, and doing an overarching audit of current processes and procedures. Heading into 2020, we thought it would be a good refresher to run through the security questionnaires Whistic supports on its best-in-class security platform and offer some insight on when each would be useful. Enjoy!

Some of the questionnaires Whistic supports


Released by the Vendor Security Alliance, the VSA FULL and VSA CORE questionnaires are highly targeted questionnaires that focus on vendor security partnerships, risk, and accessibility in cybersecurity.


Even though today’s security professionals are prepared for new compliance regulations being introduced on a regular basis, sometimes acts are passed that shake up the InfoSec community and require a little extra attention. The California Consumer Privacy Act (CCPA) is one of these laws.

Once the CCPA goes into effect on Jan. 1, 2020, any organization doing business in the state of California or collecting consumer information on any one of the nearly 40 million residents in the state will be legally required to disclose what data is being gathered and how this data is being used. …

As an HR innovation company focused on driving better hiring decisions through AI and machine learning, HireVue is used to being at the forefront of new trends and ideas. By working to close the gap between HR teams and the technology that makes their lives easier, HireVue works with customers and vendors across industries, which means that keeping this data and information secure is a top priority.

For a team that is so motivated to deliver automated processes to their clients, the internal manual processes of sending, receiving, and completing vendor security questionnaires from vendors and clients created a workflow…

As a pioneer in the financial technology services industry, Finicity has been leading the way with industry trends and best practices for going on 20 years. While this culture often celebrates innovation, it also comes with a unique set of challenges revolving around vendor security management. With more than 16,000 bank integrations, maintaining the security and compliance of client and partner data is a top priority for Finicity, so when it came time to figure out how to automate and streamline vendor risk management workflows, ensuring impeccable security was paramount.

Responding to security reviews from various third-party vendors was costing…

The North American Electric Reliability Corporation (NERC) is a regulatory authority for much of North America’s bulk power system, serving over 334 million people. They have enacted a set of regulations (CIP-013) that will go into effect on July 1, 2020.

Utility companies are scrambling to deal with these regulations, which focus primarily on the security of their cyber supply chain, comprised of third party vendors. A significant concept related to this regulation is C-SCRM — Cyber Supply Chain Risk Management.

In this article, we’ll examine what Cyber Supply Chain Risk Management is, how the NIST S-SCRM program as related…

The Whistic team is heading to the CSA Summit at (ISC)2 Security Congress 2019 and we want to see you there! From Sunday, October 27 to Tuesday, October 30, join Whistic in Orlando, FL to connect with cloud security leaders and learn more about implementing strong security strategies for the future.

As an innovative leader in the industry, Whistic is making it easier for security professionals to stay compliant with simple, straightforward assessments, like CAIQ-Lite.

There are two ways to connect with Whistic at the CSA Summit at (ISC)2 Security Congress 2019:

10/27 @ 2:50 PM — Hear Whistic VP…

The Whistic team is on the road again, and this time we’re heading for Vegas! We’ll be at the Money 20/20 conference from October 27 to October 30 to talk all things financial innovation. Stop by booth K32 in the expo hall to learn how your team can use Whistic to:

In a highly regulated industry like financial services, trust — and security — is…

Connect with the Whistic Team at ARMA InfoCon 2019

The top information security event of the year is almost here! At the ARMA InfoCon 2019 Conference, information technology leaders from around the world will come together for three days of networking, engagement, and education to help grow and shape the world of InfoSec. The Whistic team is excited to be part of this event at the Gaylord Opryland Resort in Nashville, TN, and we hope to see you there!

On Monday and Tuesday, October 21st and 22nd, stop by booth 318 and connect with the Whistic team to learn how:


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store