When you entrust business partners and vendors with your company’s confidential data, you are also entrusting them with all control of security measures for your organization’s data. That trust cannot be blind. Many recent privacy and security incidents have resulted from inadequate privacy and/or security practices within outsourced organizations handling another company’s customer or employee data.
Christopher Grillo and I discuss this topic at length in our two-day information security and privacy workshop. I just posted a paper, "Security and Privacy Contract Clause Considerations," to my Realtime IT Compliance site. This paper covers the issues we discuss in addition to a table we created for our workshop that lists the types of information security and privacy requirements that organizations should consider including within contracts with third parties. The table has been very helpful for organizations addressing outsourcing and partnering security and privacy issues, so we are making it available in the hope it will also be helpful to you.
Technorati Tags
information security
IT compliance
outsourcing security
awareness and training
regulatory compliance
privacy