Why is this a risk?
When engaging suppliers, it is highly likely that some suppliers will obtain information about your company, products, pricing, employees or customers, and will store that information on their systems. The way suppliers store your information, the technology used to ensure it remains secure and confidential, and the way that information is exchanged with you all need to be closely assessed and managed. As many suppliers these days involve technology solutions (many of which are hosted solutions), there is a need to ensure that your suppliers take extra precautions.
Examples of where this risk could affect you
- Your supplier provides a SaaS technology solution that hosts a technology platform containing your proprietary data
- You have a supplier that is going to provide you with market intelligence and needs to access your customer information to conduct a comparative analysis
- You engage a bookkeeping service in certain markets to help you account for transactions according to the local statutory accounts, and engagement requires you to provide your chart of accounts, invoices and transaction data to a supplier in an emerging market
What sort of suppliers could be engaged in this risk area?
The types of suppliers that are likely to hold your data could extend to:
- data warehousing, technology and SaaS software providers
- HR and employee payment/salary processing
- accounting, legal and tax firms.
How are these risks managed?
The risks of data security are normally managed through:
- ensuring that the data processor engages in best practices for data management and data security
- reviewing policies and procedures
- testing policies with intrusion attempts and other means to validate that they actually work.
Which systems and tools do we provide to manage these risks?
Questionnaires, certifications and disclosures completed in the ComplianceDesktop® | Compliance technology Platform, identifying current compliance mechanisms
Testing of mechanisms with site visits, walk-throughs and reviews/audits
Reviewing against international standards