dcsimg

10 Best Practices for Sharing Sensitive Information with Vendors

  • 10 Best Practices for Sharing Sensitive Information with Vendors-

    Don't Create Generic Security Expectations

    Don't create a generic expectation for security. You've probably heard of companies requiring their vendors to provide an "adequate" level of security. This is not a good practice, because "adequate" can be interpreted many different ways. You have to be clear about expectations in regard to security if you want to decrease your chances of third-party security issues. Ideally, you should cite an industry standard like ISO27001, NIST800-53, or the PCI data security standards.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13

10 Best Practices for Sharing Sensitive Information with Vendors

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
  • 10 Best Practices for Sharing Sensitive Information with Vendors-7

    Don't Create Generic Security Expectations

    Don't create a generic expectation for security. You've probably heard of companies requiring their vendors to provide an "adequate" level of security. This is not a good practice, because "adequate" can be interpreted many different ways. You have to be clear about expectations in regard to security if you want to decrease your chances of third-party security issues. Ideally, you should cite an industry standard like ISO27001, NIST800-53, or the PCI data security standards.

Deloitte published a report recently, noting that "the market is currently underinvested in the area of vendor management, particularly when it comes to tools, methods and processes." This same report also noted that businesses are increasingly outsourcing functions. As vendors have become more important in the day-to-day functioning of businesses, companies need to ensure that their data is safe on these third-party networks.

For organizations that are just getting started with a formalized vendor risk management (VRM) program, BitSight Technologies has prepared a list of the do's and don'ts of sharing sensitive information with vendors.