Know thy vendor’s vendor…
Sunday, July 22, 2012

The pre-conference workshops at the Data Protection & Privacy Law Compliance Conference have begun! The first workshop covered managing the risk of third-party vendors. An important element of ensuring the security and privacy of your vendors is finding out what vendors your vendors are using. As we all know, you can outsource the work, but not the responsibility. And all too often the vendors we are entrusting our information to are also using vendors, increasing the risk that a data breach will occur. As reported in the workshop, 39% of data breaches involve information held by a third party. While a solid business practice is to include language in your vendor agreement restricting your vendor from using vendors, this often only works for the biggest of organizations. An avenue for smaller companies is to request that your vendors provide a material list of the vendors they use and the security controls implemented by those vendors. This will help you analyze the level of risk associated with your vendor and determine whether you are in compliance with regulations applicable to your organization. In addition, the risk level will dictate the frequency of security audits and on-site visits. The key to managing the risk of using vendors is reducing the number of unknowns!

 
