Ride the Lightning

Vendor Management: How to Limit Risk in Data Breaches

April 28, 2015

I can't remember ever citing Business Insurance, but it had an interesting article yesterday on vendor management and commercial claims. How do you manage risk in a data breach? In part, you transfer some responsibility to your vendors. You might require employee training, insurance coverage for data breaches, a warranty of performance up to "industry standard", a warranty about back-ups and data integrity, indemnification in the event of a breach, a duty to notify you and investigate any suspected security incident and a warranty to protect confidential information. The power to negotiate will be a major factor as the Davids of the world have little leverage against the Goliaths.

It has certainly been my experience that law firms and companies worry much more about their own risk management than they do about risk management with respect to their vendors. The C-Suites need to put that item on their agendas!

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson