BizTech Law Blog
As a business or business owner, one thing to consider when creating a cybersecurity plan, is a vendor management program. Vendor management programs can help businesses address risks that arise when working with vendors and third parties that might be receiving sensitive information or business information.
A successful vendor management program should have three parts:
- Inventory
- Assess
- Address
Inventory
What inventory means is reviewing all parties involved in the data handling of your business. This can include third-parties such as outsourced IT, cloud storage, suppliers, distributors and employee benefits providers. Some questions to consider are:
- What information is your business sending to these parties?
- How risky is that information?
- How frequently is that information being transmitted?
- What controls does your business have installed internally to address risks and further, what do you know the third party is doing to protect your data?
Doing an initial assessment of these parties is the first step in seeing how they are handling your business's, your employees' or even your customers' data.
Assess
The second step is to develop a questionnaire that uses targeted, tailored questions that are designed to gauge the risks that might arise with the transfer of information. We find that many businesses usually fear sending out these types of questionnaires as they are concerned that it may hurt the relationship between themselves and the vendor.
It should not however be viewed as an audit or an intense back and forth, but rather as a good opportunity to learn more about the vendor and create a positive experience. Once they have had a chance to answer your questions, compare their answers to industry standards, regulatory requirements and risk levels to come up with something that is going to add value to your business's understanding of how it is working with these parties.
To learn more about vendor management, click the thumbnail below to view the video in its entirety. The following video features Foster Swift business attorney Taylor Gast on the steps that businesses should consider taking when using vendors to manage their data.
This video is for general information purposes and IS NOT LEGAL ADVICE. If you seek legal counsel or need help in determining how this information applies to a specific situation, contact a Foster Swift business & tax attorney before taking any action.
ShareholderTaylor helps businesses and business owners solve and prevent problems as a member of Foster Swift's Business and Tax practice group. He handles business formation and transactions, tax controversies, employee benefits, and ...
