Partner Security Audits
A 2013 study showed that third parties are a significant operational and information risk. This creates a significant need to practice vendor security risk management.
In today’s corporate world, everyone has a partner. Some are business partners; others are service partners. According to statistics, these partners most often provide information technology services or operational or administrative assistance.
When a new business partner comes on board, companies involve lawyers to ensure the new partner adheres to existing policies and acts in the company’s best interest. Companies have a formalized due diligence review to minimize risks.
The question is how you mitigate the risk associated with outsourcing from a technology and contractual standpoint. The potential risks include risks to reputation, risks to data, compliance risk and operational risk, all of which, at the end of the day, amount to potential financial loss.
How should you respond?
What we recommend at Praetorian is including contract clauses that provide the right to audit partners, assigning security responsibilities in service level agreements, and requiring sound security practices. But the only way to validate compliance is to perform partner security audits on a regular basis. This will limit risk and show due diligence on behalf of your company.
- Lawyers, not security practitioners, write contracts and SOWs for these partners, but who verifies the performance and security of the new partners?
- How does a company assign security responsibilities to the third-party vendors?
Praetorian Secure specializes in ensuring that your third-party security standards are appropriate and well documented in your contracts. In addition, we offer partner security audit services to ensure security responsibilities are effective. We can contract on a single assignment, quarterly or yearly to review and audit partner security. As stated earlier, most of the time lawyers, not security people, are writing contract language.
Ways we can manage the inherent risks partners create:
- Reviewing partner interconnection agreements
- Creating security standards for partners
- Helping with assigning security responsibilities in contracts
- Reviewing confidentiality agreements
- Performing risk assessment prior to contract engagement
- Third-party security audits
- Validating compliance with contracts
- Establishing a plan for disconnecting the system
Call Praetorian Secure. Our representatives will work with your organization to customize a solution that meets your needs.