Third-Parties and the Protection of Sensitive Information: Is Your Organization Lacking Contractual Assurances?

By: Awareity
On: September 17, 2010

 

A recent GAO report has revealed that federal agencies using contracted workers are failing to implement contractual assurances with third parties regarding the protection of sensitive information.

GAO auditors examined the contracting practices of three of the largest federal agencies, and of those three, only one (DHS) required third-party companies to sign standard contracts requiring the contractors to follow best practices in safeguarding sensitive information.

In a recent data breach, a TSA contractor allegedly provided a Boston couple the social security numbers for more than a dozen TSA workers. Third parties are increasingly responsible for data breaches, but most often, the hiring agency or company will face the resulting lawsuits, reputational damages, fines, etc. Outsourcers, consultants, contractors and business partners were responsible for almost half of the data breach incidents in 2008, and recent incidents show third-party gaps are mounting.

It is critical for organizations to require third parties to be aware of, understand and acknowledge their responsibilities for protecting all types of information. Organizations should:

  • Train contractors on best practices for protecting information
  • Require contractors to sign non-disclosure agreements
  • Require contractors to review and acknowledge organization-specific policies and procedures
  • Require contractors to review ongoing updates as risks, challenges and requirements change
  • Track all contractor agreements with legal-ready and audit-ready documentation

 

Lessons learned have shown that third-party data breaches will continue to occur if organizations do not change their status quo processes and connect the dots with third parties more effectively.

How are you addressing your third-party relationships today?

Have your business partners, contractors, etc. signed off on your organization’s policies and procedures?

Do they understand their individual roles and responsibilities for protecting your customer / sensitive information?
