BizTech Law Blog Banner

BizTech Law Blog

Using Vendor Management to Protect Your Business's Data
Posted by:

As a business or business owner, one thing to consider when creating a cybersecurity plan, is a vendor management program. Vendor management programs can help businesses address risks that arise when working with vendors and third parties that might be receiving sensitive information or business information.

A successful vendor management program should have three parts:

  1. Inventory
  2. Assess
  3. Address

Inventory

What inventory means is reviewing all parties involved in the data handling of your business. This can include third-parties such as outsourced IT, cloud storage, suppliers, distributors and employee benefits providers. Some questions to consider are:

  • What information is your business sending to these parties?
  • How risky is that information?
  • How frequently is that information being transmitted?
  • What controls does your business have installed internally to address risks and further, what do you know the third party is doing to protect your data?

Doing an initial assessment of these parties is the first step in seeing how they are handling your business's, your employees' or even your customers' data.

Assess 

The second step is to develop a questionnaire that uses targeted, tailored questions that are designed to gauge the risks that might arise with the transfer of information. We find that many businesses usually fear sending out these types of questionnaires as they are concerned that it may hurt the relationship between themselves and the vendor. 

It should not however be viewed as an audit or an intense back and forth, but rather as a good opportunity to learn more about the vendor and create a positive experience. Once they have had a chance to answer your questions, compare their answers to industry standards, regulatory requirements and risk levels to come up with something that is going to add value to your business's understanding of how it is working with these parties.

Attorney SpeakingTo learn more about vendor management, click the thumbnail below to view the video in its entirety. The following video features Foster Swift business attorney Taylor Gast on the steps that businesses should consider taking when using vendors to manage their data.

This video is for general information purposes and IS NOT LEGAL ADVICE. If you seek legal counsel or need help in determining how this information applies to a specific situation, contact a Foster Swift business & tax attorney before taking any action.

Authors

Categories

Recent Posts

Jump to Page

Foster Swift Collins & Smith PC Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek