Companies are caretakers of valuable corporate assets, such as employees, facilities, equipment, trade secrets, confidential information and intellectual property. Some companies also process and store consumer or employee personal information, which is often subject to various laws regarding unauthorized disclosure, access and use. To adequately protect and mitigate risk to these assets, companies typically develop, implement and maintain a customized set of security standards that are consistent with, among other things, the value of the assets, the risk profile of the company, identified threats to the assets and applicable laws.

When a company outsources a function to a third-party service provider, the company should contractually require the service provider to maintain security standards that are at least as restrictive as the company’s own security standards with respect to the outsourced function. This can be accomplished by requiring the service provider to either comply with: (i) the customer’s security standards; or (ii) the service provider’s security standards along with any additional safeguards to bridge the gap between the standards of the customer and the service provider.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]