As vendors have become more important in the day-to-day functioning of businesses, companies need to ensure that their data is safe on these third-party networks.
Do Establish an Incident Response Plan
Do establish an incident response plan. Having a procedure for your third party to notify you in an event of an incident affecting their organization and/or your data is most certainly a best practice. This is a written procedure that is usually referenced in the contract and developed by the third-party organization. It outlines who the third party is to contact if a security breach does occur. The first party is responsible for ensuring that the vendor has the right procedures in place, accurate contact information, and a clearly established timeline of when that communication will happen.