What should you do when third-party compliance is failing?
The third party or business partner could perform security up to or even beyond your standards, but there’s always the possibility for negligence. If there’s even the slightest concern that a third party is being careless with the security of your organization’s data, you should act immediately.
Before giving your data to a third party or business partner, there should be a thorough review of the partner and how it performs security. This can include security questionnaires, on-site visits, audits of the third party’s environment and a review of its regulatory certifications. Vendor management has become one of the largest areas of concern when it comes to data governance, and it’s a growing risk if due diligence isn’t done upfront. Read more of my article at the link below:
*** This is a Security Bloggers Network syndicated blog from Frontline Sentinel authored by Matthew Pascucci. Read the original post at: http://www.frontlinesentinel.com/2017/09/what-should-you-do-when-third-party.html