Your organisation may collect data from customers or clients, and you may share this data with third parties who provide services such as marketing, analytics and invoicing. However, because you collected the data, it’s still your responsibility to keep it secure.
This means that your organisation should be taking the following steps:
- Keeping a record of what data has been shared, and the third parties it has been shared with
- Ensuring that you have an agreement with each third party setting out the information supplied, the way it will be used, what they will deliver back to you, and how they will keep the data safe
- Performing due diligence on the third parties that hold your most sensitive data. This usually involves an audit of their security – both of the systems used to transfer, store and process your data, and of their general IT security (remote access, patching, training, etc.)
By making the above part of your procedures, you will significantly reduce the risks to your organisation and your clients.
If you’d like any assistance with reviewing and reducing your IT security risks then please get in touch.