Diligence on third parties is a cornerstone of any cybersecurity program given the risk vendors pose, and now regulations such as GDPR and CCPA specifically address what companies need to do to vet and monitor their vendors. In this guest article, Moses and Singer attorneys Linda Malek, Jason Johnson and Nora Lawrence Schmitt provide strategies for vetting third parties, structuring contractual agreements and conducting ongoing monitoring. They also examine the costs of violations in light of these new regulatory requirements. See our series on maintaining secure third-party relationships: “Understanding the Risks” (Jun. 20, 2018); “Addressing the Issues” (Jun. 27, 2018).