Autodesk has an Information Security Policy. All employees have to review the policy annually and acknowledge that they have reviewed it. This applies to everyone — not just employees who develop our products and services. In addition to having everyone review the policy, the Information Security, Risk and Controls (ISRC) team conducts lunchtime lectures where they cover security-related topics. The other day, rather than go out to lunch, I attended one related to third-party security.
Audrey Nahrvar is an Information Security Engineer. James Hong is a Senior Program Manager. Their presentation was entitled “Third Party Information Security: Autodesk’s Approach.”
Here are the nuggets of information I walked away with.
As the name suggests, third parties are providers that Autodesk relies on. In terms of solutions, the customer is the first party, Autodesk is the second party, and the vendor is the third party. Risk is exposure to danger, harm, or…