IDG Contributor Network: 4 key vendor contracting pitfalls

When it comes to information security, contract negotiations with vendors and suppliers all too often focus entirely on “show us your audit reports and security policy.” Don’t get me wrong, that information is clearly of great importance in assessing the overall security posture of the vendor. The problem is that the content of those reports and policies is of little value without real vendor responsibility when the vendor fails to comply with them, suffers a breach, mishandles its systems and data, etc.

There are four key pitfalls in vendor contracting. Unless those pitfalls are avoided, a vendor can have the absolute best security documents in the industry and still present material risk to its customers. The pitfalls identified below represent lessons learned in hundreds of transactions. In addition, they are the types of items regulators routinely identify as problematic in vendor contracts. For these reasons, when negotiating vendor agreements, don’t fall victim to these pitfalls.
