Detailed information protection requirements had not been consistently incorporated into all contractual agreements with 3rd parties. Our customer wanted to require everyone who had access to their sensitive data to comply with their corporate information security policy. It was important to ensure customers were protected and to reduce the risk of data breach notification.
Critical data handling procedures may be overlooked, or not known, by 3rd party vendors and business partners. This could lead to a security breach in which 3rd parties disclose Personally Identifiable Information (PII) or other sensitive data.
To create, implement, and monitor information protection requirements for services performed by 3rd parties.
We strengthened confidence in the overall security of our customer’s systems and processes. We also reduced the risk of unauthorized disclosure and the risk of regulatory action. Thus, our customer had better coverage across the full risk landscape. Over time, their vendors and partners gained more reliable controls, leading to fewer exploits. The project also increased our customer’s ability to demonstrate to their auditors and regulators that they were taking the appropriate steps to protect customer information.