(Note: Always seek legal counsel prior to developing, sending, or signing any contract. This article provides general guidance and should not be misconstrued as legal counsel.)

Trusting third parties with your data can provide great benefits, but it also brings great challenges. Coalition recommends that you have a contract with every third party that handles your data, requiring them to uphold the same security standards you do. At a minimum, we recommend that the following provisions be included in any third-party agreement:

  1. The provider agrees to handle [your company] data and other information in accordance with [your company] security standards.
  2. Prior to receiving or transmitting [your company] data, the provider shall complete a third-party risk assessment.
  3. Prior to receiving or transmitting [your company] data, the provider shall remediate all high and critical vulnerabilities on networks processing [your company] data.
  4. Prior to receiving or transmitting [your company] data, the provider shall comply with all government and industry regulations pertaining to the secure storage, transmission, processing, and destruction of [your company] data. This includes HIPAA, PCI, state and federal privacy laws, and other relevant regulations.
  5. In the event of an actual or suspected unauthorized disclosure of, access to, or other breach of [your company] data, the provider shall comply with all state and federal laws and regulations related to such a breach, and shall fully cooperate with [your company] and [your company]'s designees.

We highly recommend consulting legal counsel to develop your contracts, but a good starting point is to review your current agreements and confirm that, at a minimum, they include the points above.

For more information on this topic, please reach out to us; we're here to help!
