π΅ Free Advisory: Supply Chain & Vendor Risk β What Auditors Look For in 2026
βSupply chain risk is the fastest-growing category of audit findings β and most compliance programs are not built to handle it.
βIn 2026, auditors are asking harder questions about vendors, subprocessors, and fourth-party risk than ever before. SOC 2 assessors, ISO 27001 certification bodies, and NIST-aligned programs are all tightening their expectations. If your vendor risk program was built to pass last year's audit, it may not pass this year's.
βIn this free one-hour session, I'll walk through exactly what auditors are looking for in supply chain and vendor risk programs right now β and where most organizations fall short.
βWhat we'll cover: β The vendor risk findings showing up most in 2026 audits β What "adequate" vendor oversight actually looks like to an auditor β The subprocessor and fourth-party questions you're probably not ready for β How to update an existing vendor risk program without rebuilding it β What evidence you need β and in what format
βNo slides. No pitch. Just the real picture of where auditor expectations have moved.
βWho this is for: CISOs, GRC managers, and security professionals who have a vendor risk program but aren't sure it would hold up to scrutiny β especially if you're heading into a SOC 2 renewal, ISO 27001 surveillance audit, or a new enterprise client security review.
βThis session leads into Module 4 of the GRC Builder Series β Incident Response and Metrics β coming in August.
βHosted by Meenu Chadha β founder of Cyber Advisory and fractional vCISO.
βFREE. Virtual. One hour. Register above.