Make IT Security a Priority in Vendor Contracts

April 16, 2015 – In The News
Corporate Counsel

Joshua Horn was quoted in the Corporate Counsel article, “Make IT Security a Priority in Vendor Contracts.” Full text can be found in the April 16, 2015, issue, but a synopsis is noted below.

When businesses allow third-party vendors to access their networked IT systems it can be compared to inviting competing businesses to a strategy meeting.

Joshua Horn looked into the security around this practice and said, “The first thing that firms must do to protect themselves is to perform due diligence on the prospective vendor.” It is important to also check the vendors’ control when it comes to employees’ access to data. This information should be covered before contracting a third-party vendor, not after.

The Financial Industry Regulatory Authority advises safe practice policies including data breach notifications, right-to-audit clauses, limitations on vendor access, and subcontractor use. Horn commented, “Best practices would certainly dictate including these areas in any contract with a vendor, especially those who have access to your IT systems.”