Using third party vendors is a common practice in today’s world. It includes outsourcing IT, Human Resources, Legal Aid, IT etc. While it is great and helpful to use these services, they could also be putting your company at risk. You are inviting people into your business and just like with everything else, you must ensure best practices and security measures in order to make these relationships a success.
Know their security practices. We discuss all the time how to keep your organization safe and secure, how to keep your employees safe, etc. However, what about the people you can’t “control.” The contract employees and the vendors you work with, could all be putting your company at risk. Google has created the Vendor Security Assessment Questionnaire, an extensive survey that covers general security and privacy, web application security, infrastructure security, and physical security. Although you might not need such an extensive questionnaire for your vendors, it’s good to have an idea what you should be looking out for when working with vendors. Going over vendor security policies may also help you assess your own company security policies.
Treat third party vendors as employees. These vendors have many similar privileges that inhouse employees do such as physical access, connection to your network, customer contact, access to data, and more. Treating vendors essentially as employees includes implementing the same policies and practices for vendors as you would employees, and building those relationships and trust that you normally would with employees.
Be prepared for the worst. When you enter in a contract with a vendor, you’re so excited about the services and products you will be getting that the little things often slip by. The last thing on your mind is that you could end up in court over a vendor dispute, so you just sign on the dotted line, without reading all the small print. For example, most every vendor has a clause in their contract stating that in the event of a dispute, the vendor’s home state will be the location of the dispute. This could end up costing you and your business significant travel and other expenses. It is important to read through these contracts thoroughly with careful scrutiny. If you don’t, the result could be rather time consuming and costly.
Create a list of all vendors and contracts you have. This will help you make sure you are managing and actively monitoring them to ensure success. Above all, be knowledgeable and approach with caution when entering into contracts and agreements with third party vendors. You must keep the security and success of your business in mind in everything that you do.
Category: Atlanta IT Service Articles, Date: 13th June 2016, Author: Chris Chao