Want to make creations as awesome as this one?
Created on Thu Feb 08 2018 21:09:19 GMT+0000 (UTC)
More creations to inspire you
Other Considerations,Supply Chain,Notification,4,In case of a security incident or breach of confidentiality involving vendor access to company networks, systems, or data, contracts should require the vendor to promptly notify the company and to reasonably cooperate in the investigation.,Audit Rights,Getting vendors to agree to implement appropriate security measures is one thing, but companies also need to take steps to verify that vendors are living up to these promises. As the FTC has said, “it’s also important to build oversight”into the contracting process.,Other Considerations,2,or Deletion,Data Return,1,To assess vendor security risks, companies should establish a security due diligence process. In addition to analyzing the vendor’s responses to the company’s questionnaire (developed internally or utilizing a standardized questionnaire like the SIG Lite), consider the questions in the text boxes to the right.,Breach,Other Considerations,3,Consider the security risks inherent to third-party components incorporated into your products and services such as malicious code hidden in an open source library or a security flaw permanently embedded in the architecture of hardware components.,Other Considerations,Contractual provisions that require the vendor to timely return or delete company data at the termination of a contract can dramatically reduce post-contract security risks. Companies can’t have a data breach concerning data they no longer have.,Vendor Due,5,Diligence,Other Considerations