The security of your data being held, processed or transmitted by a third party is always a security risk. Essentially, you have to trust an organization other than your own with the security and care of your data.

The third party or business partner could perform security up to or even beyond your standards, but there’s always the possibility for negligence. If there’s even the slightest concern that a third party is being careless with the security of your organization’s data, you should act immediately.

Before giving your data to a third party or business partner, there should be a thorough review of the partner and how it performs security. This can include security questionnaires, on-site visits, audits of the third party’s environment and a review of its regulatory certifications. Vendor management has become one of the largest areas of concern when it comes to data governance, and it’s a growing risk if due diligence isn’t done upfront. Read more of my article at the link below:

http://searchsecurity.techtarget.com/answer/What-should-you-do-when-third-party-compliance-is-failing