Vendors and third parties have increasing access to our data, so it’s important we understand what risks they pose to our organizations as we work with them. Contractual agreements we make with our third-party contractors are ways that we can control how our vendors handle sensitive information—or at least have a documented defense if something were to go wrong on their accord.
This guide is meant to be a starting point for your business. It paints a picture of what things you need to be thinking about when creating contractual agreements with your vendors, and allows you to mold and shape vendor-related policies and procedures from its recommendations.
This document will help you:
- Understand what kinds of things vendors should agree to when working with your business
- Find places where you can get more information about vendor risk management
- Shape recommendations into actions and policies while logging the changes