Project Overview

Detailed information protection requirements had not been consistently incorporated into all contractual agreements with 3rd parties. Our customer wanted to require everyone who had access to their sensitive data to comply with their corporate information security policy. It was important to ensure customers were protected and to reduce the risk of data breach notification.

Business Exposure

Critical data handling procedures may be overlooked, or not known, by 3rd party vendors and business partners. This could lead to a security breach in which Personally Identifiable Information (PII), or other sensitive data, is disclosed by 3rd parties.

Project Objective

To create, implement, and monitor information protection requirements for services performed by 3rd parties.

Business Benefits

We strengthened confidence in the overall security of our customers’ systems and processes. We also reduced the risk of unauthorized disclosure and the risk of regulatory action. Thus, our customer had better coverage across the full risk landscape. Over time, their vendors and partners gained more reliable controls, leading to fewer exploits. The project also increased our customer’s ability to demonstrate to their auditors and regulators that they were taking the appropriate steps to protect customer information.