Third Party Risk

A phone call or personal meeting are often crucial for success when dealing with third parties that have access to your critical or confidential data. East coast partners like morning meetings; I think they take great pleasure in doing this to us Californians to get back at us for the amazing weather we have. When we have business partners, we have to get assurance that they are practicing appropriate security and have a mature security program with good security controls. Make sure you have security standards to share with your partners, and ensure that they can follow them. These standards should cover contract language, their development environment, coding standards, ongoing assessments of their systems and processes, and much more. The last thing you want is for a breach of your data to occur and you had not done adequate assessments of your business partner.