Search
Data Security Protections in Outsourcing Agreements
Posted
A key finding in the Trustwave 2012 Global Security Report is that in 76% of data breach investigations a third party responsible for system support, development and/or maintenance of business environments introduced the security deficiencies. This should concern any company that outsources the processing, storage or transmission of personally identifiable information (PII) to suppliers of IT or business process outsourcing services.
With the average cost of a data breach in excess of $5 million and the associated reputational risk, outsourcing customers should review their contracts to ensure they contain appropriate commitments and accountability from the supplier with respect to data security. Below is a brief outline of some of the key provisions that should be part of an outsourcing agreement.
Supplier Commitments: Suppliers should commit to the following: