Your Vendors Must Have Data Breach Controls

Information provided by The Hartford

Do your organizations’ policies require vendors and associates to meet the same network security and The Hartforddata protections standards that your own organization follows?  They should, said Michael Dandini, senior vice president of The Hartford’s management and professional liability underwriting unit.  Because if there is a breach, consumers and the public may hold your organization responsible, even if a vendor actually caused the breach.

Key Questions for Risk Managers:

  1. Does the company follow industry standards and best practices for handling specific types of data?
  2. Does the company have data breach insurance coverage?
  3. Does the company have a designated person in charge of IT security?   Does it have written data security policies and procedures in place?
  4. Does the company have a data back-up plan?
  5. Does the company have an incident response plan?
Source: Risk & Insurance and the Hartford, December 2011
Posted By: